Hackers are using a sneaky way to steal payment card data from websites using Magento. The attackers are injecting malicious code into Magento’s Magento e-commerce platform. The stolen data is then encrypted using a public encryption key that is included in the malicious script. Attackers can collect any data submitted by a user to Magento but filter out anything that doesn’t look like credit card data. The attack script is then saved in a fake image file, saving the data in plain text.”]
Source: https://www.csoonline.com/article/2941275/magento-ecommerce-platform-targeted-with-sneaky-code.html