Hackers deploy Linux malware, web skimmer on e-commerce servers
Security researchers discovered attackers deploying a Linux backdoor on compromised e-commerce servers in addition to the credit card skimmer they had injected into the shops’ websites.
The PHP-coded web skimmer (a script designed to steal customers’ payment and personal information and exfiltrate it to the attackers) is dropped into the /app/design/frontend/ folder disguised as a .JPG image file, a location where one more image attracts little attention.
The attackers use this script to download and inject fake payment forms into the checkout pages that the hacked online shop displays to its customers.
“We found that the attacker started with automated eCommerce attack probes, testing for dozens of weaknesses in common online store platforms,” the Sansec Threat Research Team revealed.
“After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins. S/he then uploaded a webshell and modified the server code to intercept customer data.”
Image caption: Sansec - linux_avp Linux Golang malware
The Golang-based malware, spotted by Dutch cyber-security company Sansec on the same server, was downloaded and executed on breached servers as an executable named linux_avp.
Once launched, it immediately deletes its own executable from disk and disguises its process as “ps -ef”, the command an administrator would normally run to list running processes, so it blends into a process listing.
While analyzing the linux_avp backdoor, Sansec found that it waits for commands from a command-and-control server in Beijing hosted on Alibaba’s network.
They also discovered that the malware gains persistence by adding a crontab entry that re-downloads the payload from the command-and-control server and reinstalls the backdoor, so that it survives a server restart or a removal by an administrator who spotted it.
At the time of writing, this backdoor is still not detected by any anti-malware engine on VirusTotal, even though a sample was first uploaded more than a month ago, on October 8th.
The uploader might be the linux_avp creator, since the sample was submitted one day after Sansec spotted the malware while investigating the e-commerce site breach.
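The three indicators described above (a PHP skimmer stored as a .JPG under the theme folder, a process masquerading as “ps -ef” whose executable is gone from disk, and a cron entry that re-fetches and re-runs the payload) can be hunted with plain POSIX shell on the affected server. The script below is an added example for this article, not Sansec’s code or anything from the malware itself; the default theme path /var/www/html/app/design/frontend, the proc-root argument that lets the process check run against a fixture, and all sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage helpers, not Sansec's code: three checks for the indicators in the article.
# Default paths and any sample data are assumptions/constructed for illustration.

# Return 0 if $1 begins with the JPEG start-of-image marker FF D8 FF.
is_real_jpeg() {
    magic=$(dd if="$1" bs=3 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "ffd8ff" ]
}

# Indicator 1: a PHP skimmer disguised as a .JPG in the theme folder.
# Lists every *.jpg/*.jpeg under $1 that carries a PHP open tag or lacks JPEG magic bytes.
scan_theme_images() {
    dir=${1:-/var/www/html/app/design/frontend}   # hypothetical docroot, adjust to yours
    find "$dir" -type f \( -iname '*.jpg' -o -iname '*.jpeg' \) 2>/dev/null |
    while IFS= read -r f; do
        if grep -qF '<?php' "$f" 2>/dev/null; then
            printf '%s\tcontains PHP open tag\n' "$f"
        elif ! is_real_jpeg "$f"; then
            printf '%s\tno JPEG magic bytes\n' "$f"
        fi
    done
}

# Indicator 2: a running process whose executable was deleted after launch
# (linux_avp removes itself from disk); the kernel reports such a /proc/PID/exe
# link as "/path (deleted)". Reads a /proc-style tree at $1 so the check can also be
# exercised against a fixture. Prints PID, the deleted path, and the command line,
# which for this backdoor would read "ps -ef".
find_deleted_exe_procs() {
    procroot=${1:-/proc}
    for exe in "$procroot"/[0-9]*/exe; do
        [ -L "$exe" ] || continue
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                piddir=${exe%/exe}
                cmd=$(tr '\000' ' ' < "$piddir/cmdline" 2>/dev/null)
                cmd=${cmd% }
                printf '%s\t%s\t%s\n' "${piddir##*/}" "$target" "$cmd"
                ;;
        esac
    done
}

# Indicator 3: a cron entry that fetches a remote payload and executes it, the
# persistence mechanism that reinstalls the backdoor after removal or a reboot.
# $1 is a crontab file; with no argument the crontab text is read from stdin.
# Heuristic: a curl/wget invocation chained or piped into a shell, chmod or ./ execution.
find_download_exec_cron() {
    grep -vE '^[[:space:]]*#' ${1:+"$1"} |
    grep -E '(curl|wget)[^#]*(\||;|&&)[^#]*(sh|bash|chmod|\./)'
}

# Run all three checks against their default locations on a live server.
triage_all() {
    echo "== image files carrying PHP or lacking JPEG magic =="; scan_theme_images "$@"
    echo "== processes whose executable was deleted =="; find_deleted_exe_procs
    echo "== cron entries that download and execute =="
    crontab -l 2>/dev/null | find_download_exec_cron
    for f in /etc/crontab /etc/cron.d/*; do [ -f "$f" ] && find_download_exec_cron "$f"; done
}
```

Source the file and call triage_all (optionally with the shop's real theme directory as the argument) from a root shell on the suspect host. The process check depends on the kernel’s “(deleted)” suffix on /proc/PID/exe, so it must run on the live system rather than on a disk image; the cron check is a heuristic and will not catch a loader that hides the download behind a wrapper script, so review every unfamiliar entry it does not flag as well.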