“Magento and Adobe Commerce are no strangers to threat actors, given their widespread use for powering ecommerce stores and handling payment card data,” Benjamin Harris, CEO of security firm watchTowr, told CSO. “We can expect serious vulnerabilities like this one to enable Magecart-style attacks and payment data theft. Given the history of in-the-wild exploitation against Magento and the emergency nature of this update, we strongly urge organizations to patch immediately.”
Magecart refers to a class of attacks in which hackers compromise online stores and inject malicious scripts into payment forms to steal customer payment card data during checkout. These scripts, also known as web skimmers, have been used by multiple attacker groups, but the term Magecart derives from Magento, one of the first platforms targeted with this technique through vulnerable extensions.
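The practical defensive counterpart to the attack described above is to watch the scripts that load on a checkout page. The following is an added example, not code from the article, from Sansec or from Magento: it audits the `<script>` tags of a page against an allowlist of script origins, flags third-party scripts served without a Subresource Integrity attribute, and counts inline scripts (which a skimmer injected into a payment form typically adds). The HTML, the hostnames and the `sha384-AAAA` integrity value are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a checkout page (not a real store). It contains one
# script from an origin that is not on the allowlist, one allowed third-party
# script that lacks an integrity attribute, and one inline script that hooks
# the payment form, which is how a web skimmer usually attaches itself.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="https://shop.example/static/checkout.js" integrity="sha384-AAAA"></script>
<script src="https://cdn.trusted-payments.example/sdk.js"></script>
<script src="https://stats-collect.example/s.js"></script>
<script>document.getElementById('card').addEventListener('submit', function () {});</script>
</head><body><form id="card"></form></body></html>
"""

# Origins a store owner has reviewed and expects to serve script on checkout.
ALLOWED_SCRIPT_ORIGINS = {"https://shop.example", "https://cdn.trusted-payments.example"}


class ScriptCollector(HTMLParser):
    """Collects <script> tags: external ones with their integrity flag, inline ones as a count."""

    def __init__(self):
        super().__init__()
        self.external = []  # list of (src, has_integrity)
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr_map = dict(attrs)  # boolean attributes map to None, which is fine here
        if attr_map.get("src"):
            self.external.append((attr_map["src"], "integrity" in attr_map))
        else:
            self.inline += 1


def script_origin(src, page_origin):
    """Resolve a script src to its origin; relative paths belong to the page's own origin."""
    parsed = urlparse(src)
    if not parsed.netloc:
        return page_origin
    scheme = parsed.scheme or "https"  # protocol-relative "//host/x.js" inherits https
    return f"{scheme}://{parsed.netloc}"


def audit_checkout_page(html, allowed_origins, page_origin):
    """Return a list of (finding, detail) tuples for scripts that deserve review.

    Findings:
      unexpected_origin - script loaded from an origin not on the allowlist
      missing_sri       - allowed external script served without an integrity attribute
      inline_script     - number of inline scripts (expected to be zero on a CSP-protected checkout)
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_integrity in collector.external:
        origin = script_origin(src, page_origin)
        if origin not in allowed_origins:
            findings.append(("unexpected_origin", src))
        elif not has_integrity:
            findings.append(("missing_sri", src))
    if collector.inline:
        findings.append(("inline_script", str(collector.inline)))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_checkout_page(SAMPLE_CHECKOUT_HTML, ALLOWED_SCRIPT_ORIGINS, "https://shop.example"):
        print(f"{finding}: {detail}")
```

Run against a saved copy of the live checkout page on a schedule, a non-empty result is the signal to investigate; the allowlist has to be maintained as payment or analytics providers change, so treat `unexpected_origin` as a review queue rather than an automatic block.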
Web skimming and form-jacking dominated the ecommerce threat landscape between 2010 and 2020, and Magecart-style attacks remain active: ecommerce security firm Sansec reports adding on average 30 new web skimming signatures per day last year.