Hackers are collecting payment card data from Magento stores, hiding the stolen data inside JPG images, which they're downloading from infected stores without raising any suspicions.

During the past year, attackers have shifted their gaze towards online e-commerce platforms, where they found a fertile ground for collecting payment card data which, in most cases, they later sell on underground hacking and carding forums. With over 5,700 websites currently infected with malware, and with over 100 of those infected with the recently discovered MageCart malware, hacking e-commerce sites has become a common practice in recent months.

Webmasters using Magento need to stay alert against KimcilWare ransomware, which has now begun targeting the website management system. Magento, used by over 200,000 companies worldwide, is an e-commerce system which powers a vast range of websites and provides the back end for systems and functionality. 

However, if a cyberattacker is able to compromise the server-side aspect of a Web domain, they may be able to steal sensitive data, infiltrate databases and potentially hijack websites as a result. In e-commerce cases, the scenario can be worse as financial information may be involved.

Websites running the Magento CMS are being infected with malware in a fresh campaign which has impacted thousands of domains in a matter of days. Over the weekend, researchers from Sucuri Labs said the attack involves the injection of malicious scripts through iframes from guruincsite.com.

There are two modified versions of the infection, and while one is obfuscated, the other is not -- giving security teams a virtual beacon to track the malicious domain involved in this latest attack on content management systems. According to the team, Google has already blacklisted almost 8,000 infected websites over the past 90 days.