I’ve migrated my clients away from Magento as it’s a real pain to keep updated…:
[…] Cybercriminals operating under the Magecart umbrella group are exploiting an old vulnerability in a Magento plugin to insert credit card data-skimming malware on sites built on the ecommerce platform.
In an alert earlier this month, the FBI described the latest attacks as involving CVE-2017-7391, a three-year-old—and long since patched—cross-site scripting vulnerability in the Magmi 0.7.22 mass importer for Magento.
The malware allowed the attackers to gather payment-card data and other information belonging to cardholders such as their names, email addresses, physical addresses, and phone numbers. The criminals encrypted the stolen data and stored it in a JPEG dump file they had created. They later used the web shell to extract the dump file using HTTP GET requests, the FBI said.
The alert provided indicators of compromise that organizations running Magento could use to protect their sites against the Magecart attacks.