FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin

Graham Cluley @gcluley


ZDNet reports that the FBI has issued a “flash alert” warning that hackers are planting Magecart-style payment card-skimming code on Magento-powered online stores running an out-of-date plugin.

According to the alert, cybercriminals were able to infect an unnamed US ecommerce website with JavaScript code that could steal payment card data and personal information entered by shoppers as they attempted to purchase items.

Sneakily, the attackers exfiltrated the sensitive data (which included the payment card number, the card holder’s name, card expiry date, security code, as well as the purchaser’s address, email address, telephone number, and physical address) encoded within a JPG image file.

[Image: A decoded snippet of the card-skimming code.]

The attack was carried out after the exploitation of the CVE-2017-7391 XSS vulnerability in version 0.7.22 of the Magento Mass Import (MAGMI) plugin.

That vulnerability was discovered in 2017, but disappointingly there are clearly online stores still running the unsafe version of the MAGMI plugin on their Magento-powered sites.

As ZDNet points out, updating to the patched version 0.7.23 of the MAGMI plugin is a good idea, but not a long-term solution. That’s because the MAGMI plugin only works on websites powered by Magento 1.x, which is due to reach its end of life at the end of next month.


In short, if you want to keep your online store secure you should not just be updating the MAGMI plugin, but also looking at how you’re going to upgrade to Magento version 2.x from Adobe so that you continue to receive security updates for the ecommerce platform.

The Coronavirus pandemic must be proving a boon to online criminals who are trying to skim credit card details from unsuspecting online purchasers, for a number of reasons:

  • Many businesses, faced with an inability to sell products face-to-face, have scurried to build an ecommerce site, or dusted off online presences that were not promoted before, and not enough care may have been taken to ensure that they are updated and secure.
  • Other businesses, with their IT teams based at home rather than the office, may have neglected the security of their websites.
  • More people than ever are buying goods online that they might have normally preferred to purchase in “real life.”

Stay safe folks, and if you’re running a website that requests sensitive information from the public please do ensure that it is properly updated with the latest security patches.


Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s, when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “FBI warns hackers are planting card skimmers on online stores running a vulnerable Magento plugin”

  1. How do I, as a customer, or potential customer, determine if a site is safe?
    Thanks
