Researchers are encouraging developers who use Magento to remain vigilant about securely configuring their sites, as attackers have been embedding credit card swipers in sites running the open source e-commerce platform.
The swipers, or scrapers, are bits of malicious code that collect credit card numbers, login details and other information and forward them to attackers. While criminals have been targeting sites running the platform for months, they’ve only recently started hiding the stolen information in obscure image files.
In an even more confounding twist, in one recent instance the image hiding stolen credit card numbers was legitimate and publicly viewable, meaning an attacker wouldn’t even have to go to the trouble of accessing the site to get the information. They could simply view or download the image from the affected site.