The hackers also plant a malicious script that records and steals buyers' payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October 2019.
In this campaign, attackers are exploiting CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import), a plugin for Magento-based online stores. The vulnerability is a cross-site scripting (XSS) bug that allows the attacker to plant malicious code inside an online store's HTML code. By exploiting this vulnerability, hackers intend to steal environment credentials for a Magento online store, which they're using to take full control over the targeted sites. Once they gain access to the sites, they plant web shells for future access and start modifying the site's PHP and JavaScript files with malicious code that records payment details entered on the store when users buy and pay for new products.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.