Cybercriminals exploit a three-year-old vulnerability in a Magento plugin

The Federal Bureau of Investigation has reported that cybercriminals are exploiting a three-year-old vulnerability (CVE-2017-7391) in the MAGMI (Magento Mass Import) plugin for Magento in order to break into online stores and plant a malicious script that can record and steal customers' payment card data.

The problem is a cross-site scripting (XSS) vulnerability whose exploitation allows an attacker to inject malicious code into the HTML code of the online store.

Having gained access to the sites, the attackers create a web shell for subsequent access and start to modify the site's PHP and JavaScript files with malicious code that records the payment details entered in the store when users buy and pay for new products. The victim's payment card data is then encoded in Base64 format, embedded inside a JPEG file and sent to the criminals' server.

According to VirusTotal, the malicious server is a known host for the Inter cybercriminal service, which is popular among low-skilled groups who use it for web skimming operations.

The FBI has published indicators of compromise that Magento operators can deploy in web application firewalls (WAF) to prevent attacks on their sites.
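One way a store operator could hunt for the staging container described above is to search JPEG files for Base64 runs that decode to Luhn-valid card numbers. This is an added example, not code from the FBI alert or the original article; the page does not say where inside the JPEG the data sits, so the scan covers the whole file, and the function names and the sample record are constructed.

```python
import base64
import re
from pathlib import Path

# Long Base64-alphabet runs (rare in compressed image data) and 13-19 digit runs.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}")
PAN = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII digit to int
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def decodings(run: bytes):
    """Decode a run at all four alignments, since it may start mid-quantum."""
    for off in range(4):
        chunk = run[off:]
        if len(chunk) % 4 == 1:  # a lone trailing character cannot be decoded
            chunk = chunk[:-1]
        yield base64.b64decode(chunk + b"=" * (-len(chunk) % 4))

def find_card_data(blob: bytes) -> list[str]:
    """Return masked, Luhn-valid card numbers hidden as Base64 inside blob."""
    hits = []
    for run in B64_RUN.findall(blob):
        for plain in decodings(run):
            for pan in PAN.findall(plain):
                masked = (pan[:6] + b"*" * (len(pan) - 10) + pan[-4:]).decode()
                if luhn_ok(pan) and masked not in hits:
                    hits.append(masked)
    return hits

def scan_images(root: str) -> dict[str, list[str]]:
    """Check every .jpg/.jpeg file under root, e.g. a store's media directory."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.suffix.lower() in (".jpg", ".jpeg") and path.is_file():
            if hits := find_card_data(path.read_bytes()):
                found[str(path)] = hits
    return found

# Constructed sample: minimal JPEG framing followed by a Base64 record
# holding a well-known test card number (not real data).
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(64) + b"\xff\xd9"
          + base64.b64encode(b"cc=4111111111111111&exp=12/30&cvv=123"))
```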