A great article I found by Chris Brook regarding a malicious function snuck into SF9Realex, a module that helps sites store customer card data for one-click checkout.
Click here for full article.
“Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform’s modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that helps sites store customer credit card data for the one-click checkout functionality commonly used by repeat customers. The module interacts with the Realex RealAuth Remote and Redirect systems, “very popular solutions in the Magento community,” according to Bruno Zanelato, a researcher with the firm Sucuri, who found the malicious function.”
“According to researchers, the attacker uses binlist.net, a public web service for searching issuer identification numbers (IIN), to help identify which bank each card is associated with.”
“Magento credit card stealers are indeed on the rise,” Zanelato wrote Friday, “While the information here is specific to Magento, realize that this can affect any platform that is used for ecommerce. As the industry grows, so will the specific attacks targeting it.”