According to the Federal Bureau of Investigation, hackers are exploiting a flaw in a Magento plugin to hack online shops. The vulnerability found in Magento is a cross-site scripting (XSS) flaw that allows the attacker to inject a malicious script into the online store's source code.
Payment information recorded from user purchases is then encoded in Base64, embedded inside a JPEG image and sent to the attacker's server. This form of attack is referred to as web skimming or e-skimming.
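A defender-side check for the exfiltration format described above, as an added example that is not from the FBI alert or the original article: it scans bytes served or sent as an image for long Base64 runs that decode to readable text. The function names, the 40-character and 0.95 thresholds and the sample bytes are assumptions, and the page does not say where in the image the data is placed, so the whole file is scanned.

```python
import base64
import binascii
import re

# Heuristic: 40+ consecutive Base64 characters, optionally padded (assumed threshold).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")


def printable_ratio(buf: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not buf:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in buf) / len(buf)


def hidden_text_in_image(data: bytes, min_ratio: float = 0.95) -> list[str]:
    """Return text recovered from Base64 runs found anywhere in image bytes."""
    hits = []
    for match in B64_RUN.finditer(data):
        body = match.group().rstrip(b"=")
        body += b"=" * (-len(body) % 4)  # restore padding before decoding
        try:
            decoded = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue  # not a well-formed Base64 run
        # Compressed image data rarely decodes to clean text; form data does.
        if printable_ratio(decoded) >= min_ratio:
            hits.append(decoded.decode("ascii", errors="replace"))
    return hits


# Constructed sample: a minimal JPEG wrapper (SOI, JFIF APP0 header, EOI)
# followed by Base64 of fake form data using a well-known test card number.
JPEG_STUB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(9) + b"\xff\xd9"
FAKE_FORM = b"card=4111111111111111&exp=12/30&cvv=123&name=TEST USER"
TAMPERED = JPEG_STUB + base64.b64encode(FAKE_FORM)
CLEAN = JPEG_STUB

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, hidden_text_in_image(blob))
```

This is a heuristic: a run that starts mid-way through other Base64-alphabet bytes can be misaligned and missed, so treat an empty result as "nothing found", not as proof the file is clean.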
The plugin with the bug is Magmi. The flaw was found roughly three years ago, and an update, Magmi-git 0.7.23, is available to fix the XSS bug that gives attackers initial access to the store.
The FBI alert provides indicators of compromise (IOCs) that Magento providers can use in their web application firewalls to prevent attacks on their websites.