This new Linux malware targets ecommerce sites ahead of Black Friday

No antivirus solution is able to identify this malware yet, researchers warn

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have discovered a newLinuxbackdoor on compromisedecommerce serversthat intercepts and exfiltrates sensitive customer information, including credit card details.

The malicious agent, dubbed linux_avp is written in Golang, and was discovered by researchers at Sansec, who were approached by an affected merchant who couldn’t seem to get rid ofmalwarefrom his store.

“It [linux_avp] is being deployed around the world since last week and takes commands from a control server in Beijing,”note the researchersin their analysis of the malware.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

The discovery of the malware acrossecommerce storesall around the world comes mere days before theBlack Fridayshopping extravaganza.

Flying under the radar

According to the researchers, the attackers first run automated tests to probeecommerce websitesagainst dozens of known vulnerabilities. As soon as one is found, it installs a backdoor and uploads the linux_avp server agent.

Digesting the technical details about the agent’s functions,BleepingComputerreports that the linux_avp agent injects fake payment forms on checkout pages displayed to customers of the compromised stores. Further analysis reveals that the fake payment form written in PHP is designed to steal and exfiltrate customers' payment and personal information.

The researchers note that the IP address used to fetch the fake payment page, is hosted in Hong Kong and has previously been observed as a skimming exfiltration endpoint in July and August of this year.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sansec notes that it found the malware on several US and EU-based servers, though last checked, no otherantivirusvendor recognized this malware.

Protect your network with one of thesebest firewall apps and services, and shield your computers against all kinds of cyber-attacks with thesebest endpoint protection tools

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well