Surge in Magento 2 template attacks


The critical template vulnerability in Magento 2 (CVE-2022-24086) is gaining popularity among eCommerce cyber criminals. The majority of recent Sansec forensic cases concern this attack method. In this article we share our findings of 3 template hacks, and hope it will help you if you are confronted with a similar attack.

Currently, Sansec eComscan is the only malware scanner that detects the injected remote access trojan (see Virustotal).

223sam.jpg attack

All of the observed attacks have be…

Read More