into one of the platform ’ s modules in order to stealAttack.Databreachcredit card information . Code for the function was injected into a .php file for SF9 Realex , a module that helps sites store customer credit card data for the one-click checkout functionality commonly used by repeat customers . The module interacts with the Realex RealAuth Remote and Redirect systems , “ very popular solutions in the Magento community , ” according to Bruno Zanelato , a researcher with the firm Sucuri , who foundVulnerability-related.DiscoverVulnerabilitythe malicious function . The function , sendCCNumber ( ) , reroutes credit card information entered by a customer from Magento to an attacker ’ s email address , hidden inside a variable later in the code . The data , encoded in JSON , arrives in the attacker ’ s inbox without the victim being any the wiser . According to researchers , the attacker uses binlist.net , a public web service for searching issuer identification numbers ( IIN ) , to help identify which bank each card is associated with . Zanelato said Friday that attackers are going greater lengths to target credit card data , especially in e-commerce platforms like Magento . “ Magento credit card stealers are indeed on the rise , ” Zanelato wrote Friday , “ While the information here is specific to Magento , realize that this can affect any platform that is used for ecommerce . As the industry grows , so will the specific attacks targeting it ” . Zanelato is quick to point outVulnerability-related.DiscoverVulnerabilitythat there wasn ’ t a vulnerability in Magento that enabled the theft of credit card data . From there the attacker was able to inject script and takeover SF9 Realex . It ’ s the latest in a line of credit card stealers Sucuri researchers have observed taking advantage of Magento , however . Last summer Cesar Anjos , a researcher with the firm looked at one stealer that was loaded from another source . The stealer essentially performedAttack.Databreacha man-in-the-middle attack between the user and the checkout page after credit card information was entered . Last October , Ben Martin , a different researcher with the firm , discovered attackers scrapingAttack.Databreachcredit card numbers and exfiltratingAttack.Databreachthem in obscure , sometimes publicly viewable image files . Researchers with RiskIQ monitored attacks similar to ones described by Sucuri last year . The firm said the attacks it had been monitoring originated from a single hacking group targeting e-commerce platforms such as Powerfront CMS and OpenCart with a web-based keylogger in March 2016