Magento Payment Card Skimming Vulnerability Requires Immediate Action
Actions to Take
Bring this Support Notice to the attention of your IT department or webmaster.
Problem
All versions of Magento 1.x software and plugins are being actively exploited by cybercriminals to skim credit card numbers and personal information from site users.
Essent Service Impact Analysis
Essent does not provide any Magento-based services and no Essent products or services are vulnerable to this exploit. This notice is being offered as a courtesy to our customers who maintain custom integration points.
Corrective Action
No corrective action is required for Essent products or services. Essent encourages customers running affected versions of Magento to perform their own evaluation as soon as possible and upgrade any affected sites to a supported version of Adobe Commerce immediately.
More Information
Attackers exploited vulnerabilities in an unsupported version of Magento and a common plugin to obtain administrator access to the site. Once administrator access was obtained, persistent backdoors were installed, and a credit card skimmer was added to the checkout sequence.