The FBI has issued an alert warning that attackers are exploiting an old vulnerability in a plugin for an e-commerce platform to steal payment card data. The flaw was disclosed about three years ago in a plugin for the open-source e-commerce platform Magento. Exploiting it lets attackers plant e-skimming code on a store, which then harvests customers' payment card details at checkout.
How the Attack Happens
The FBI alert is addressed to US private-sector companies. According to it, the threat actors in the latest instance were exploiting CVE-2017-7391, a cross-site scripting vulnerability in the Magento Mass Import (MAGMI) plugin, to gain control of an online store and implant skimmer code that steals customers' payment data.
Notably, the stolen data was sent to the attacker's server hidden inside JPEG image files, appended to the image data so that the exfiltration traffic looked like ordinary image transfers. ZDNet reports that the server's IP address belongs to Inter, a cybercrime service provider that sells skimming infrastructure to inexperienced hacker groups, or script kiddies, so they can run e-skimming operations without much technical knowledge of their own. The server has been active since May 2019.
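The report says the skimmer hid stolen records inside JPEG files. One way to check a store's media directory for that technique, as an added example (not code from the FBI alert, ZDNet, or the Magento project): walk the JPEG segment structure to the real End-Of-Image marker and flag anything after it. The sample image, the card record and the base64 encoding below are constructed for the demonstration; the page does not say how the real skimmer encoded its payload, so base64 is an assumption.

```python
"""Flag JPEG files that carry data appended after the End-Of-Image marker.

Added example for this article; not code from the FBI alert, ZDNet or
Magento. The sample image and the base64 "card record" are constructed
here for the demonstration; the encoding a real skimmer uses is an
assumption, not something the report states.
"""
import base64
import binascii
import sys
from pathlib import Path
from typing import List, Optional, Tuple

SOI, EOI, SOS, TEM = 0xD8, 0xD9, 0xDA, 0x01


def find_eoi_offset(data: bytes) -> int:
    """Return the offset just past the EOI marker.

    The file is walked segment by segment instead of searching for the
    last 0xFFD9, because appended payload bytes may themselves contain
    that pair and a naive rfind() would then report a clean file.
    Raises ValueError if the structure is not a JPEG.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while True:
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == EOI:
            return pos + 2
        elif marker == SOS:
            # Header, then entropy-coded data: skip stuffed 0xFF00 bytes and
            # RSTn restart markers until the next real marker appears.
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            while True:
                idx = data.find(b"\xff", pos)
                if idx < 0 or idx + 1 >= len(data):
                    raise ValueError("truncated scan data")
                nxt = data[idx + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos = idx + 2
                else:
                    pos = idx
                    break
        elif marker == TEM or 0xD0 <= marker <= 0xD7:   # standalone markers
            pos += 2
        else:                                   # APPn, DQT, DHT, SOFn, ...
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")


def extract_trailing(data: bytes) -> bytes:
    """Bytes found after the real EOI marker; empty for a clean file."""
    return data[find_eoi_offset(data):]


def decode_trailing(trailing: bytes) -> Optional[bytes]:
    """Decode appended bytes as base64 (assumed encoding); None if they are not."""
    if not trailing:
        return None
    try:
        return base64.b64decode(trailing, validate=True)
    except (binascii.Error, ValueError):
        return None


def scan_directory(root: str) -> List[Tuple[str, int]]:
    """(path, appended_byte_count) for every *.jpg/*.jpeg under root with a tail."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() not in (".jpg", ".jpeg") or not path.is_file():
            continue
        try:
            tail = extract_trailing(path.read_bytes())
        except ValueError:
            continue                            # not a parseable JPEG; skip it
        if tail:
            hits.append((str(path), len(tail)))
    return hits


# --- constructed sample data -------------------------------------------------
# Structurally valid JPEG container (SOI, APP0/JFIF, SOS, scan data with a
# stuffed 0xFF00 and an RST0 marker, EOI). It is not a decodable picture.
def build_sample_jpeg() -> bytes:
    jfif = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app0 = b"\xff\xe0" + (len(jfif) + 2).to_bytes(2, "big") + jfif
    sos_body = b"\x01\x01\x00\x00\x3f\x00"
    sos = b"\xff\xda" + (len(sos_body) + 2).to_bytes(2, "big") + sos_body
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


SAMPLE_RECORD = b"number=4111111111111111&exp=12/24&cvv=123&name=J.DOE"  # constructed
SAMPLE_PAYLOAD = base64.b64encode(SAMPLE_RECORD)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, size in scan_directory(sys.argv[1]):
            print(f"{path}: {size} bytes after EOI")
    else:
        tainted = build_sample_jpeg() + SAMPLE_PAYLOAD
        tail = extract_trailing(tainted)
        print(f"appended {len(tail)} bytes; decoded: {decode_trailing(tail)!r}")
```

Run it with a directory argument (for example the store's media folder) to list every JPEG with bytes after its EOI marker; legitimate files can also carry a short trailer (some cameras and editors append metadata), so treat a hit as something to inspect rather than proof of compromise, and compare against a known-good copy of the file where one exists.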
Along with the alert, the FBI issued recommendations for Magento store owners: update the MAGMI plugin to version 0.7.23, the latest release, and move to the Magento 2.x branch, which still receives regular security updates.
Previous Magecart Victims
Magecart, or e-skimming, attacks have been prevalent since the beginning of last year. Over the Thanksgiving holiday in 2019, the websites of American Outdoor Brands, a maker of firearms and outdoor sports merchandise, were compromised by a Magecart operation that captured the payment card data of around 780 customers. Similar e-skimming attacks have hit large enterprises such as Macy's, Puma, and Ticketmaster.
The Macy's attack took place in October 2019; sportswear maker Puma was hit in April 2019 and Ticketmaster in June 2018.