
Hackers steal payment data from Ray-Ban, Whirlpool and others


Thousands of online stores operated by well-known brands, including Ray-Ban, National Geographic, Whirlpool, and Segway, have been compromised by cybercriminals exploiting a critical vulnerability known as CosmicSting (CVE-2024-34102). The flaw affects Adobe Commerce and Magento and allows attackers to siphon shoppers’ payment card details during transactions.

Researchers have identified at least seven cybercriminal groups exploiting this vulnerability, breaching over 4,200 stores, around 5% of all Adobe Commerce and Magento websites, reports The Register.

The flaw is classified as an XML External Entity (XXE) vulnerability, allowing attackers to manipulate a site’s pages and insert malicious JavaScript. This enables criminals to intercept payment details and other sensitive information, such as login credentials, without users noticing.

By exploiting CosmicSting, hackers gain unauthorised access to eCommerce platforms, tampering with checkout pages and stealing data as customers enter it. These attacks have surged despite Adobe releasing a patch for the vulnerability on June 11, 2024.

Typically, when one group infiltrates a site using Magecart tactics, they lock out other attackers. However, CosmicSting has led to infighting, with different groups repeatedly evicting each other from the same stores.


In their campaigns, cybercriminals use CosmicSting to retrieve secret Magento keys, which are then used to generate tokens granting them unrestricted access to a store’s Magento API. This enables attackers to alter any webpage hosted on a vulnerable platform, including checkout pages where sensitive data is entered.

While CosmicSting poses an immediate threat by allowing data theft, attackers can combine it with another flaw, CVE-2024-2961, a high-severity buffer overflow in the ‘glibc’ library on Linux systems. When used together, these flaws allow criminals to execute remote code and install persistent backdoors on the host server, granting them long-term control over compromised systems.

It is still unclear whether the affected brands have fully patched their systems or notified customers.

Researchers have urged retailers using these platforms to apply security patches immediately and monitor their sites for signs of malicious activity.
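The end result of the intrusions described above is JavaScript inserted into checkout pages. One practical way to monitor for that is a baseline check of which scripts a checkout page loads. The following is an added example, not code from the article or from Adobe/Magento; the allowlisted hosts, the known-good inline script, and the sample HTML are all constructed for illustration.

```python
"""Flag script tags on a checkout page that are not in a recorded baseline.
Added example (not from the article); all hosts and HTML here are constructed."""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed baseline: hosts a store legitimately loads scripts from, and the
# SHA-256 of each inline script captured from a known-good copy of the page.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "static.shop.example"}
KNOWN_INLINE_SHA256 = {hashlib.sha256(b"window.checkoutConfig = {};").hexdigest()}

# Constructed sample page: two expected scripts plus two that are not in the baseline.
SAMPLE_CHECKOUT_HTML = """<html><body>
<script src="https://static.shop.example/checkout.js"></script>
<script>window.checkoutConfig = {};</script>
<script src="//cdn.not-ours.invalid/loader.js"></script>
<script>document.addEventListener('submit', function (e) { /* constructed: not in baseline */ });</script>
</body></html>"""


class ScriptCollector(HTMLParser):
    """Collects external script URLs and the bodies of inline scripts."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:                      # inline script: start buffering its body
            self._in_script, self._buf = True, []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf).strip())
            self._in_script = False


def find_unexpected_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS, known_hashes=KNOWN_INLINE_SHA256):
    """Return (kind, value) findings for scripts outside the baseline; [] means clean."""
    p = ScriptCollector()
    p.feed(html)
    findings = [("external", s) for s in p.external
                # relative paths have no hostname and are same-origin; absolute and
                # protocol-relative URLs must point at an allowlisted host
                if urlparse(s).hostname is not None and urlparse(s).hostname not in allowed_hosts]
    findings += [("inline", b[:60]) for b in p.inline
                 if hashlib.sha256(b.encode()).hexdigest() not in known_hashes]
    return findings
```

Run the check against a freshly fetched copy of the checkout page on a schedule and alert on any non-empty result; a new script host or an inline script whose hash has changed is exactly the signal the article's researchers recommend watching for.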


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
