Archive.fm

CyberWire Daily

Behind the Google shopping ad masks. [Research Saturday]

Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and was dubbed Xurum in reference to the domain name of the attacker’s command and control (C2) server.  The research states "The attacker uses an advanced web shell named “wso-ng” that is activated only when the attacker sends the cookie “magemojo000” to the backdoor “GoogleShoppingAds” component." The research can be found here: Xurum: New Magento Campaign Discovered

Learn more about your ad choices. Visit megaphone.fm/adchoices

Broadcast on:
23 Sep 2023

Maxim Zavodchik from Akamai joins Dave to discuss their research on "Xurum: New Magento Campaign Discovered." Akamai researchers have discovered an ongoing server-side template injection campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and was dubbed Xurum in reference to the domain name of the attacker’s command and control (C2) server. 

The research states "The attacker uses an advanced web shell named “wso-ng” that is activated only when the attacker sends the cookie “magemojo000” to the backdoor “GoogleShoppingAds” component."

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices