FBI issues ‘flash alert’ warning that hackers are planting Magecart-style payment card-skimming code on Magento-powered online stores running an out-of-date plugin. Cybercriminals were able to infect an unnamed US ecommerce website with a Javascript code that could steal payment card data and personal information entered by shoppers as they attempted to purchase items. The attack was carried out after the exploitation of the CVE-2017-7391 XSS vulnerability in the Magento Mass Import (MAGMI) plugin. The MAGMI plugin only works on websites powered by Magento 1.x.”]
Source: https://grahamcluley.com/fbi-warns-hackers-magento-plugin/

