Hackers are collecting payment card data from Magento stores, hiding the stolen data inside JPG images, which they're downloading from infected stores without raising any suspicions.

During the past year, attackers have shifted their gaze towards online e-commerce platforms, where they found a fertile ground for collecting payment card data which, in most cases, they later sell on underground hacking and carding forums. With over 5,700 websites currently infected with malware, and with over 100 of those infected with the recently discovered MageCart malware, hacking e-commerce sites has become a common practice in recent months.

Webmasters using Magento need to stay alert against KimcilWare ransomware, which has now begun targeting the website management system. Magento, used by over 200,000 companies worldwide, is an e-commerce system which powers a vast range of websites and provides the back end for systems and functionality. 

However, if a cyberattacker is able to compromise the server-side aspect of a Web domain, they may be able to steal sensitive data, infiltrate databases and potentially hijack websites as a result. In e-commerce cases, the scenario can be worse as financial information may be involved.