HomesecurityFBI: Error allowing hackers to attack Magento online stores!

FBI: Error allowing hackers to attack Magento online stores!

The FBI warns that hackers are exploiting a three-year-old bug, which is located in a Magento Plugin, aiming to take full control of online stores and then install a malicious script, which records and steals data from buyers' credit cards. This type of attack is commonly known as "website "skimming", "e-skimming" or "Magecart", while the FBI has warned of a significant increase in such attacks in October last year.

Magento online stores

One was recently revealed campaign who exploits a mistake in Magmi. In particular, in this campaign, hackers are exploiting the bug identified as CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import) - which is a plugin for online stores that rely on Magento, as the FBI pointed out in an emergency security alert sent to the private sector earlier this month.

FBI hacker error

That said vulnerability is an error bundle between sites (XSS) that allows an intruder to insert a malicious code into the code HTML of an online store. The FBI also notes that many hackers have recently taken advantage of this vulnerability, with the ultimate goal of stealing. credentials environment from a Magento online store, which they use to take full control of targeted sites. They just get access to the targeted ones sites, place web shells for future access and then they start modifying the PHP files and JavaScript of the site with malicious code, which records the payment details entered in a store each time users make payments when purchasing new products. FBI also reports that credit card data recorded during user transactions, then encrypted in Base64 format, is hidden in the bits of a file. JPEG and are sent to server hackers, located at


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.