Magento Realex Payments extension hacked to steal payment card data. Experts at Sucuri are observing massive attacks.

Cybercriminals target the Magento platform to steal credit card data. The thieves  have been abusing a payment module to steal payment card data from online shops running on popular Magento e-commerce platform.

According to experts at security firm Sucuri, the hackers are targeting module is the Realex Payments Magento extension (SF9), that integrates with the Realex Realauth Remote payment gateway.

The extension allows the administrators of Magento installs to process mail and telephone orders by entering the payment details.

The experts highlighted that the Realex Payments extension is not affected by any vulnerability, the attackers are abusing it once the Magento installation is compromised

The researchers at Sucuri noticed that crooks added a malicious function called sendCcNumber() to an SF9 file named Remote.php.

The function gathers personal and financial data entered by users and sends it back to an email address controlled by the attacker.