Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that’s capable of stealing payment information from compromised websites.
The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms, researchers from Sansec Threat Research said in an analysis. After a day and a half, the attacker found a file upload vulnerability in one of the store’s plugins. The name of the affected vendor was not revealed.