Magecart Plants Card Skimmers via Old Magento Plugin Flaw
The FBI has warned ecommerce sites about attacks targeting a more than three-year-old flaw in the Magmi mass importer.

Cybercriminals operating under the Magecart umbrella group are exploiting an old vulnerability in a Magento plugin to insert credit card data-skimming malware on sites built on the ecommerce platform.


In an alert earlier this month, the FBI described the latest attacks as involving CVE-2017-7391, a three-year-old—and long since patched—cross-site scripting vulnerability in the Magmi 0.7.22 mass importer for Magento.


According to the FBI, the attackers breached a US Magento e-commerce site via the vulnerable plugin and placed malicious JavaScript code on checkout pages where users submit payment card data and personal information. The attackers also retrieved administrator credentials and downloaded web shells that allowed them to install other malware and maintain a persistent presence on the site.


The malware allowed the attackers to gather payment-card data and other information belonging to cardholders such as their names, email addresses, physical addresses, and phone numbers. The criminals encrypted the stolen data and stored it in a JPEG dump file they had created. They later used the web shell to extract the dump file using HTTP GET requests, the FBI said.
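A site operator can look for this kind of staging file by checking that every image-named file under the web root really is an image. The Python sketch below is an added example, not code from the FBI alert or from Magento. The article does not describe the dump file's on-disk layout, so the check assumes it is either non-image bytes under a .jpg name or data appended after a real image's end marker; all file names and contents in the demo are constructed.

```python
import os
import tempfile

JPEG_SOI = b"\xff\xd8\xff"  # start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"      # end-of-image marker
IMAGE_EXTS = (".jpg", ".jpeg")

def classify_jpeg(data: bytes) -> str:
    """Classify a file named as a JPEG; padding (NUL, CR, LF) after the image is tolerated."""
    if not data.startswith(JPEG_SOI):
        return "not-jpeg"
    # Use the last EOI: embedded EXIF thumbnails carry their own EOI earlier on.
    end = data.rfind(JPEG_EOI)
    if end == -1:
        return "not-jpeg"
    if data[end + 2:].strip(b"\x00\r\n"):
        return "trailing-data"
    return "ok"

def scan_webroot(root: str) -> list[tuple[str, str]]:
    """Return (relative path, verdict) for every image-named file that is not a clean JPEG."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(IMAGE_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                verdict = classify_jpeg(fh.read())
            if verdict != "ok":
                findings.append((os.path.relpath(path, root), verdict))
    return sorted(findings)

def demo() -> list[tuple[str, str]]:
    """Scan a constructed web root: one real image, two constructed suspicious files."""
    image = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + JPEG_EOI
    blob = bytes(range(256)) * 4  # constructed stand-in for encrypted records
    samples = {"logo.jpg": image, "cache.jpg": blob, "banner.jpeg": image + blob}
    with tempfile.TemporaryDirectory() as root:
        media = os.path.join(root, "media")
        os.makedirs(media)
        for name, content in samples.items():
            with open(os.path.join(media, name), "wb") as fh:
                fh.write(content)
        return scan_webroot(root)

if __name__ == "__main__":
    for rel_path, verdict in demo():
        print(f"{verdict:14} {rel_path}")
```

Point scan_webroot at the store's document root and review each finding against the deployed release; a hit is a lead to investigate, since truncated uploads and misnamed files produce the same verdicts.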


The alert provided indicators of compromise that organizations running Magento could use to protect their sites against the Magecart attacks.


Pervasive Threat


Magecart is an umbrella term for a collection of at least seven separate groups that have been placing online card skimmers on hundreds of thousands of e-commerce sites worldwide over the last few years. Some estimates have pegged the ..