The critical template vulnerability in Magento 2 (CVE-2022-24086) is gaining popularity among eCommerce cyber criminals. The majority of recent Sansec forensic cases concern this attack method. In this article we share our findings of 3 template hacks, and hope it will help you if you are confronted with a similar attack.
Currently, Sansec eComscan is the only malware scanner that detects the injected remote access trojan (see Virustotal).
All of the observed attacks have be…