It looks that hackers are exploiting another zero-day flaws on popular eCommerce platform "Magento" owned by eBay, for stealing credit card details.
Currently security firm Sucuri researchers are investigating on the issue and they believe that hackers are injecting malicious code into Magento core file or some widely used extensions, in order to steal users credit card details.
At the mean time Sucuri researchers have found an attack script that pilfers the content of every POST request and identifies valuable payment card data before storing it in an encrypted form that only the attacker can decrypt.
Peter Gramantik, senior malware researcher of Sucuri wrote -
Currently security firm Sucuri researchers are investigating on the issue and they believe that hackers are injecting malicious code into Magento core file or some widely used extensions, in order to steal users credit card details.
Peter Gramantik, senior malware researcher of Sucuri wrote -
The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.This is not the first time that hackers are targeting Magento CMS in a wild. Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers.
You can read the full details about the latest threats on Magento from here, and get the in-depth details about the issue.