A new Linux backdoor known as linux avp has been discovered exploiting flaws in e-commerce sites all across the world. According to experts, it was getting orders from a control server in Beijing.
According to experts, attackers are deploying linux avp, combined with a credit card skimmer, to steal payment information from targeted websites by exploiting flaws in e-commerce platforms.
The attacker discovered scores of flaws in online shop systems using an automated e-commerce assault. The attacker uncovered a file upload vulnerability in one of the store’s plugins after searching for one and a half days. They took advantage of this flaw to build an early foothold. They then uploaded a malicious web shell and modified the server code to steal consumer information. They then deployed a linux avp backdoor, which allowed attackers to remotely execute instructions transmitted from a C2 server in Beijing.
Following execution, the malware is deleted from the disc and camouflaged as a bogus process called “ps -ef,” which is a programme for displaying current processes in Unix or Unix-like operating systems.
Furthermore, the researchers uncovered a PHP-coded web skimmer included in the e-commerce platform’s code. This skimmer masquerades as a favicon (favicon absolute top[.]jpg). It is used to insert fake payment forms and steal credit card information entered by consumers in real-time before it is sent to a remote server. The PHP code was previously utilised as an endpoint for skimming exfiltration in July and August on a Hong Kong-based server.
Recent linux avp attacks demonstrate that fraudsters are aggressively seeking and exploiting flaws in internet websites, particularly e-commerce systems. Businesses that conduct online transactions should be aware of the hazards connected with unpatched plugins. Experts advise businesses to work on recognising and stopping skimming attempts in order to stay safe.