Cybercriminals are using a simple yet effective method to ensure that their malicious code is added back to a hacked website after it has been removed. To achieve this, criminals are hiding their ‘credit card stealer reinfector’ code inside the default configuration file (config.php) of Magento website. Similar technique can also be used against websites based on Joomla and WordPress to hide malicious code. More than 250,000 online stores use Magento e-commerce platform, which makes them an enticing target for hackers.
Source: https://thehackernews.com/2018/06/magento-security-hacking.html