Magecart Plants Card Skimmers via Old Magento Plugin Flaw

I’ve migrated my clients away from Magento as it’s a real pain to keep updated…:

[…] Cybercriminals operating under the Magecart umbrella group are exploiting an old vulnerability in a Magento plugin to insert credit card data-skimming malware on sites built on the ecommerce platform.

In an alert earlier this month, the FBI described the latest attacks as involving CVE-2017-7391, a three-year old—and long since patched—cross-site scripting vulnerability in the Magmi 0.7.22 mass importer for Magento.

According to the FBI, the attackers breached a US Magento e-commerce site via the vulnerable plugin and placed malicious JavaScript code on checkout pages where users submit payment card data and personal information. The attackers also retrieved administrator credentials and downloaded web shells that allowed them to install other malware and maintain a persistent presence on the site.

The malware allowed the attackers to gather payment-card data and other information belonging to cardholders such as their names, email addresses, physical addresses, and phone numbers. The criminals encrypted the stolen data and stored it in a JPEG dump file they had created. They later used the web shell to extract the dump file using HTTP GET requests, the FBI said.

The alert provided indicators of compromise that organizations running Magento could use to protect their site against the Magecart attacks.

[…]

Original article here