Hackers have now attacked the online sites who were using a customer support extension built using Magento, as reported by security researcher Willem de Groot. The extension called Mirasvit Helpdesk MX, is used by online merchants to show a “Chat with us” widget on the Magento shops. WebShield, the Hungarian security firm, had reported in September 2017 that Mirasvit Helpdesk extension was vulnerable to two flaws. One enabled hackers to upload files to Magento servers, while another was found to be a banal cross-site scripting issue. According to de Groot, the hackers have this time used the cross-site scripting issue to crack Magento sites. He said that attackers injected the malicious code (XSS payload) in the “Chat with us” widget displayed on Magento stores, whose messages were stored in Magento database. Once injected, the malicious code executed on the pages in the Magento store to collect sensitive payment information of customers from the checkout process. The support…
Is Offshore Hosting For You?
Find out why you too should be hosting offshore. Click here now!