Researcher: Hackers Trying Magento Again

June 29, 2015

Researcher: Hackers Trying Magento Again With more than 200,000 e-commerce stores using Magento, the e-commerce platform is a ripe target for hackers hoping to steal consumers’ credit card data. Companies have previously uncovered vulnerabilities that have exposed payment card details of consumers using Magento sites and security firm Sucuri says it has found another.

Sucuri researcher Peter Gramantik detailed in a blog post where attackers are inserting the malicious code. The code enables hackers collect any data sent to Magento, but, as written, it pulls out and saves only credit-card data. How that happens, though, is a mystery to researchers.

“We’re still investigating the attack vectors,” Gramantik said. “It seems though that the attacker is exploiting a vulnerability in Magento core or some widely used module/extension. Using this vector, the attacker is able to inject malicious code into the Magento core file. After this code is injected, nothing else happens – the attacker has everything he needs to successfully spy and steal sensitive/personal information from the infected website. In fact, the attacker gets the content of every POST request.  This is more than enough because POST requests contain data being sent to the server for storage.”