The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers’ payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October, last year. In this recent campaign, attackers are exploiting CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import), a plugin for Magento-based online stores, the FBI said in a flash security alert sent to the US private sector at the start of the month. The vulnerability is a cross-site scripting (XSS) bug that allows the attacker to plant malicious code inside an online store’s HTML code. The FBI says hackers are exploiting this vulnerability to steal environment credentials for a Magento online store, which they’re using to take full control over the targeted sites. Once they gain access to the sites, they plant web shells for future access and start modifying the site’s PHP and JavaScript files with malicious code that records payment details entered on the store when users buy and pay for new products.
Source: ZD Net
