PolyShell malware hits 56% of vulnerable e-commerce stores

By Craig Nash
AI-powered tech writer covering artificial intelligence, chips, and computing.

Magento stores are under an unprecedented assault from PolyShell. A critical vulnerability in the REST API of Magento Open Source and Adobe Commerce 2 allows attackers to upload polyglot files, images that also embed executable PHP code, leading to remote code execution or account takeover depending on server configuration. Discovered by the Sansec Forensics Team and publicly disclosed on March 17, 2026, the flaw affects all versions up to 2.4.9-alpha2. Adobe shipped a fix in beta form (2.4.9-beta1) on March 10, 2026, but no production release has followed.

Key Takeaways

  • PolyShell attacks had hit 56.7% of vulnerable Magento stores by March 24, 2026, days after disclosure.
  • Attackers upload polyglot files via the REST API without authentication, bypassing traditional upload protections.
  • Payment skimmers that exfiltrate over WebRTC evade content security policies and HTTP-based detection.
  • Adobe’s beta patch leaves production stores exposed; mass scanning from over 50 IP addresses ongoing.
  • Related defacement campaign since February 27 compromised 7,500+ domains including Asus, FedEx, Toyota, and Yamaha.

The PolyShell Vulnerability Explained

PolyShell exploits a flaw in how Magento and Adobe Commerce handle file uploads in the REST API. Attackers craft polyglot files—valid image files that simultaneously contain executable PHP code. When uploaded through the cart item custom options endpoint, these files persist on disk even if initial execution is blocked. If the web server is configured to process PHP in upload directories, attackers gain immediate remote code execution. Alternatively, if PHP execution is blocked but files are served through the web root, the vulnerability enables stored cross-site scripting (XSS) attacks that steal session cookies and compromise admin accounts.

The attack requires no authentication: any anonymous client can trigger the upload via the REST API, so every Magento store on a vulnerable version is an open target. According to Sansec, blocking responses from the API endpoint does not prevent the upload; by the time the response is blocked, the malicious file is already on disk. Rate limiting and access controls applied after the fact therefore offer minimal protection.

Mass Exploitation Timeline and Scale

Active exploitation began between March 16 and 19, 2026, within hours of Sansec's initial warning to customers. By March 19, mass scanning was under way from more than 50 distinct IP addresses probing Magento instances worldwide, and the scale escalated rapidly: as of March 24, Sansec reported that 56.7% of all vulnerable stores had been compromised with malicious PHP uploads. Even stores using Sansec's Shield protection were targeted; 23% of protected stores saw attack attempts after March 16, though the protection blocked successful exploitation.

This timeline exposes a gap in the patch release process. Adobe fixed PolyShell in version 2.4.9-beta1, released March 10, 2026, but no stable production version containing the fix has been released, and store operators cannot safely run a beta in production. The gap between beta patch and stable release has left tens of thousands of stores defenseless against active, ongoing attacks.

Payloads and Post-Compromise Damage

Attackers deploying PolyShell use sophisticated post-compromise tooling. Initial payloads include simple PHP web shells granting arbitrary code execution and password-protected shells that hand attacker-supplied commands to PHP's system(). More alarming is a novel WebRTC-based payment card skimmer that evades traditional detection: it exfiltrates card data over DTLS-encrypted UDP rather than HTTP, so a content security policy (whose connect-src directive governs fetch, XHR and WebSocket connections, not WebRTC peer connections) and HTTP-based monitoring designed to catch JavaScript exfiltration never see the traffic. The injected skimmer script is still present in the checkout page, however, so integrity monitoring of page content remains a viable detection point.

Once a store is compromised, attackers pursue multiple monetization paths. Payment skimming injects malicious JavaScript into checkout pages to harvest credit card data. Data exfiltration steals customer PII, order histories, and admin credentials for lateral movement. Some attacks deploy ransomware or recruit compromised servers into botnets. Particularly dangerous are backdoors designed to survive store upgrades, ensuring persistent access even after administrators patch the PolyShell flaw.

Related Defacement Campaign and Broader Context

A parallel defacement campaign since February 27, 2026, has compromised approximately 15,000 hostnames across 7,500 domains, including major brands like Asus, FedEx, Fiat, Lindt, Toyota, and Yamaha. One targeted car manufacturer is valued at over $100 billion. While the timing suggests a connection to PolyShell, the exact relationship between these defacements and the REST API vulnerability remains unclear. Regardless, the scale of the campaign underscores how widely Magento is deployed across enterprise e-commerce ecosystems and how vulnerable that ecosystem currently is.

Why Traditional Defenses Fail

A standard web application firewall (WAF) rule that merely denies access to the API endpoint or blocks its response does not protect against PolyShell, because the file upload itself is the attack vector: the malicious code lands on disk whether or not the response is blocked. Organizations therefore cannot rely on generic network-level controls alone. Sansec explicitly warns that specialized WAF rules written for PolyShell, which inspect and reject the upload request before it reaches Magento, are necessary; stores using generic security tools remain exposed.

Additionally, the lack of a production patch leaves every unpatched store in a holding pattern. Upgrading to a beta version risks stability and support issues; waiting for a stable release leaves the store exposed to ongoing mass scanning. Many operators face a hard choice: accept the risk of a pre-release version or remain under active attack.

What Store Operators Should Do Now

For stores running Magento 2 or Adobe Commerce, immediate action is essential. Deploy WAF rules that target PolyShell uploads specifically; Sansec publishes indicators of compromise (IOCs) for detection. Monitor upload directories and REST API logs for polyglot files and PHP shells. Scan existing systems for backdoors and web shells already planted by attackers. Rotate all admin credentials and invalidate active admin sessions, since the stored-XSS variant steals session cookies and compromised stores have likely had credentials exfiltrated. For stores that have been hit, forensic investigation to identify every persistence mechanism must precede patching, or a surviving backdoor will outlast the upgrade.

Organizations should also prepare for the stable patch release. Develop and test an upgrade plan now so that deployment can occur immediately when Adobe releases 2.4.9 in production form. Delaying the upgrade once it is available will only extend the attack window.

Is there a timeline for Adobe’s production patch?

Adobe released a patch in version 2.4.9-beta1 on March 10, 2026, but has not announced a stable production release date. Store operators cannot reliably deploy beta versions in production, leaving a dangerous gap between vulnerability disclosure and a usable fix.

Can WAF rules stop PolyShell attacks?

WAF rules that only deny access to the endpoint or block its response do not stop the upload from completing; the malicious code lands on disk anyway. According to Sansec's threat research, rules written specifically for PolyShell that block the upload request itself are necessary.

What happens if a store is already compromised?

Compromised stores require immediate forensic investigation to identify backdoors, web shells, and exfiltrated data. Change all admin credentials, scan for persistence mechanisms, and implement enhanced monitoring before patching. Payment card data may have been stolen, triggering notification obligations under PCI-DSS and regional privacy laws.

The PolyShell attacks on Magento are a rare convergence of factors: a critical vulnerability, no delay between disclosure and mass exploitation, and no production patch to stop the bleeding. Store operators cannot wait for Adobe to release a stable version; they must put detection and response measures in place now while preparing to upgrade the moment a production patch becomes available. The 56.7% compromise rate shows that waiting is not an option.

This article was written with AI assistance and editorially reviewed.

Source: TechRadar
