Attackers Exploit Magento Platforms to Steal Card Numbers Using Malicious SVG Image

Attackers are exploiting compromised Magento e-commerce platforms to steal customers' banking card numbers using a malicious SVG image. The campaign involves a tool or malware named PolyShell, which facilitates the data theft. The attack vector specifically targets online stores running Magento, though no specific versions, dates, or CVE identifiers were mentioned. The primary impact is the unauthorized extraction of payment card details from unsuspecting shoppers. No additional technical details about the SVG exploit or PolyShell’s functionality were provided.