Many online stores are being hit by this old vulnerability

News
By published

Hackers exploit flaw in Magento plugin to steal card data and take over online stores

Best credit card processing service
(Image credit: Pixabay)

Hackers are taking over online stores and stealing customers' payment card data by exploiting a three-year-old vulnerability in a Magento plugin according to the FBI.

This kind of attack is known as web skimming or Magecart and in October of last year, the FBI issued a similar warning about an increase in these types of attacks.

As reported by ZDNet, attackers are exploiting a vulnerability, tracked as CVE-2019-7391, in the MAGMI (Magento Mass Import) plugin for Magento-based online stores in this latest campaign. The vulnerability is a cross-site scripting (XSS) bug that allows an attacker to plan malicious code inside of an online store's HTML code.

According to the FBI, the hackers are exploiting this vulnerability in order to steal environment credentials from online stores running Magento which they then use to take full control over targeted sites.

MAGMI plugin vulnerability

Once an attacker gains access to a site running the vulnerable plugin, they then plant web shells for future access and begin modifying the site's PHP and JavaScript files with malicious code that records customers' payment details. This payment card data is then encoded in the Base64 format, hidden inside a JPEG file and sent to the hackers' server.

The malicious server used by the hackers behind this latest campaign is used by the cybercrime service Inter which rents out infrastructure to low-skilled hacking groups so that they can launch web skimming operations.

Updating the MAGMI plugin to version 0.7.23 is highly recommended for online stores using the plugin as this fixes the XSS bug that hackers use to gain entry to the stores in the first place. Unfortunately though, the plugin only works for older versions of Magento stores running the 1.x branch that is set to reach end-of-life this June.

The FBI's flash alert also contains indicators of compromise (IOCs) that Magento users can deploy inside their web application firewalls to prevent attacks against their sties.

Via ZDNet

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
person at a computer
Many workers are overconfident at spotting phishing attacks
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Latest in News
person at a computer
Many workers are overconfident at spotting phishing attacks
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
More about security
Money

Financial leaders still rely on regular tools like Excel for automation tasks over AI
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
person at a computer

Many workers are overconfident at spotting phishing attacks
See more latest
Most Popular
person at a computer
Many workers are overconfident at spotting phishing attacks
BraX3
This obscure brand wants to launch the most privacy-friendly smartphone ever without Google, but with a mysterious open-source OS at its core
HAMR
Seagate reportedly sold two billion GBs worth of storage to two of the world's largest tech companies
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
Oracle
Bluehost owner is moving to Oracle Cloud, so could thousands of websites be about to migrate?
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Two examples of the Asus Fragrance Mouse MD101 sitting on a table
Your next computer mouse could have a fragrance compartment for aromatherapy oils – and this Asus idea is nothing to sniff at