Cybercriminals have been abusing a payment module to steal credit card data from online shops powered by the Magento ecommerce platform, web security firm Sucuri reported on Friday.

The targeted module is the Realex Payments Magento extension, which integrates with the Realex Realauth Remote payment gateway. The Realex Payments extension allows Magento store owners to process mail and telephone orders by entering the payment details themselves.

The extension itself is not vulnerable, but attackers can abuse it after they compromise the targeted Magento shop. In the attacks observed by Sucuri, hackers added a malicious function.

The function collects personal and financial data entered by users on the compromised website and sends it back to an email address controlled by the attacker.

Sucuri said it had tracked “massive attacks” where hackers had injected malicious scripts into Magento websites in an effort to steal card data.

“Magento credit card stealers are indeed on the rise. While the information here is specific to Magento, realize that this can affect any platform that is used for ecommerce,” said Bruno Zanelato, malware analyst and team lead at Sucuri. “As the industry grows, so will the specific attacks targeting it. That’s why it is so important to keep your Magento website up to date and apply all the latest security patches!”

These types of attacks are not uncommon, and cybercriminals have used various tricks to evade detection and ensure that their malware is persistent.