Hackers exploit plugin vulnerabilities, FBI warns

The hackers also plant a malicious script that records and steals buyers' payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October 2019.

In this campaign, attackers are exploiting CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import), a plugin for Magento-based online stores. The vulnerability is a cross-site scripting (XSS) bug that allows the attacker to plant malicious code inside an online store's HTML code. By exploiting this vulnerability, hackers intend to steal environment credentials for a Magento online store, which they're using to take full control over the targeted sites. Once they gain access to the sites, they plant web shells for future access and start modifying the site's PHP and JavaScript files with malicious code that records payment details entered on the store when users buy and pay for new products.