Hackers are exploiting Magento flaw to steal payment card info

Attackers are exploiting a vulnerability in eBay’s Magento platform to steal users’ billing information (including payment card info), warns Sucuri Security’s Peter Gramantik.

Magento is one of the most popular content management systems for e-commerce web sites, and is used by many high-profile brands.

“We’re still investigating the attack vectors,” Gramantik noted, and added that it’s also possible that the flaw is not present in the Magento core, but a widely used extension for it.

Wherever the flaw actually is, the unfortunate situation is that it is actively exploited, and allows the attacker to inject malicious code into the Magento core file, which allows it to grab all of the POST requests (data being sent to the server for storage).

“The data is encrypted using the public key that the attacker defines in the beginning of the script,” Gramantik explains. “After the billing data is processed, it’s saved in the fake image file which is also defined in the beginning of the script.”

In previous variation of the attack, the POST content is sent in plaintext form to the attacker’s email.

Apparently, variations of these attacks have been going on for a while now.

“The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements,” Gramantik noted.

There is not much end users can do to minimize the rist, apart from finding out which platform the site they want to shop from uses, and then avoid those that use Magento.

“While the information here is specific to Magento, realize that this can affect any platform that is used to support eCommerce. As the industry grows so will the specific attacks targeting the industry,” he noted, adding that the solution to this problem is for online merchants to realize that they have to secure their environment through PCI compliance.

Don't miss