At least seven criminal groups are responsible for a significant increase in TrojanOrders attacks on Magento 2 websites, which exploit a flaw that allows malicious actors to infect vulnerable servers.

Sansec, a website security firm, said that the assaults target nearly 40 percent of all Magento 2 websites, with cybercriminal gangs battling to control affected pages.

During the popular Black Friday and Cyber Monday season, the attacks are used to inject malicious JavaScript code into online stores’ websites, causing interruption and customer credit card fraud at scale.

The holiday season

The trend is predicted to continue as we approach Christmas, when internet retailers are at their busiest and most vulnerable. The TrojanOrders attack is named after the major Magento 2 CVE-2022-24086 vulnerability, which allows unauthorized attackers to execute arbitrary code and inject remote access trojans (RATs) on unpatched websites.

Adobe patched CVE-2022-24086 in February 2022, but Sansec claims that many Magento sites are still vulnerable. According to the security firm, about one in three Magento and Adobe Commerce stores have yet to be patched thus far.

Recent spike

Analysts at Sansec believe there are various causes for the recent spike in attacks using this vulnerability. First, even ten months after the updates were released, many Magento 2 sites remain unpatched.

Second, PoC (proof of concept) exploits have long been accessible, allowing exploit kit developers to include them in tools sold to unskilled hackers. These exploit kits are so plentiful that they can be purchased for as little as $2,500, even though they reportedly cost between $20,000 and $30,000 earlier this year.

Finally, the timing is optimal since websites see higher traffic in the period leading up to Christmas, which means fraudulent orders and code injections can go unnoticed.

Tip: ’29 percent of WordPress vulnerabilities remain unpatched’