Magento is designed for e-commerce purchases and is used by over 200,000 users, many of whom are on eBay, which owns the company.
According to a post on The Hacker News, the attackers appear to be injecting malicious code into the Magento core file or into one of the widely used modules or extensions in order to capture payment data.
This isn’t the first time a vulnerability has made Magento unsafe. In April, a remote code execution flaw gave hackers a way in. The company issued a patch (SUPEE-5344), but the hackers are still at it, creating fake admin accounts to capture users’ data and actively seeking out users who have not installed the patch.
Another campaign used “malvertising” to secure the card info of less-than-careful customers.
Now, Sucuri Security’s lead malware researcher, Peter Gramantik, has found “an attack script that pilfers the content of every POST request and identifies valuable payment card data before storing it in an encrypted form that only the attacker can decrypt,” he wrote in a blog post.
Gramantik warned that it is a stealth move and “in the worst cases it won’t become apparent until (the fraudulent charges) appear on your bank statements.”
The stolen information is captured in a fake image file which, if opened by anyone but the thieves, will look like nothing more sinister than a broken image.
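Because the dump only looks like a broken image, a site owner can hunt for it by comparing each image-named file's leading bytes with the signature of the format its name claims. The sketch below is an added example, not code from Sucuri or from this article; it assumes the dump carries a .jpg, .jpeg, .png or .gif extension and no valid image header, and every file name and byte string in it is constructed.

```python
import os
import tempfile

# Leading magic bytes of the image formats a web shop normally serves.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def is_fake_image(path):
    """True when the name claims an image format but the header does not match."""
    magics = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magics is None:
        return False  # extension not covered by this check
    with open(path, "rb") as fh:
        head = fh.read(8)
    # An empty file has no header at all, so it is flagged as well.
    return not head.startswith(magics)

def find_fake_images(root):
    """Return sorted paths (relative to root) of image-named files that are not images."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and is_fake_image(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def demo():
    """Scan a constructed sample tree; all file names and contents are made up."""
    samples = {
        ("media", "logo.png"): b"\x89PNG\r\n\x1a\n" + bytes(16),
        ("media", "catalog", "item.jpg"): b"\xff\xd8\xff\xe0" + bytes(16),
        ("media", "catalog", "bkg.gif"): bytes(range(200, 232)),  # opaque blob
        ("media", "readme.txt"): b"not an image, and not named like one",
    }
    with tempfile.TemporaryDirectory() as root:
        for parts, data in samples.items():
            path = os.path.join(root, *parts)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return find_fake_images(root)

if __name__ == "__main__":
    print(demo())
```

On a real store, point `find_fake_images` at the web root and treat every hit as a lead for manual review. A dump with a valid header prepended would pass this check, so it complements, rather than replaces, comparing core and extension files against known-good copies.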
Correction: An earlier version of this article misidentified the nature of Magento’s system.
Illustration by Jason Reed