Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information.
“Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites,” the company noted in an advisory published on July 22.
PrestaShop is marketed as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide.
The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party modules appear to be the prime targets.
The PrestaShop maintainers also said they found a zero-day flaw in their service, which they said has been addressed in version 220.127.116.11, although they cautioned that “we cannot be sure that it’s the