Hackers exploit plugin vulnerabilities, FBI warns


The hackers also plant a malicious script that records and steals buyers' payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October 2019.

In this campaign, attackers are exploiting CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import), a plugin for Magento-based online stores. The vulnerability is a cross-site scripting (XSS) bug that allows the attacker to plant malicious code inside an online store's HTML code. By exploiting this vulnerability, hackers intend to steal environment credentials for a Magento online store, which they're using to take full control over the targeted sites. Once they gain access to the sites, they plant web shells for future access and start modifying the site's PHP and JavaScript files with malicious code that records payment details entered on the store when users buy and pay for new products.

the paypers logo

The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.

 

The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.

 



No part of this site can be reproduced without explicit permission of The Paypers (v2.7).

Privacy Policy / Cookie Statement

Copyright