Mimo Hacks Magento to Steal Card Data, Hijack Bandwidth

The cybercriminal group known as Mimo has shifted its focus from Craft CMS to Magento ecommerce platforms, escalating its attacks on high-value financial targets. In its latest campaign, Mimo hacks Magento systems by exploiting vulnerabilities in PHP-FPM, allowing unauthorized access to sensitive customer data and backend controls.

Researchers at Datadog Security Labs uncovered the campaign while investigating multiple ecommerce site breaches in 2025. They found that Mimo compromises Magento deployments not only to steal payment card details but also to monetize the compromised systems through cryptocurrency mining and bandwidth theft using residential proxies.

Mimo has expanded its reach beyond Magento, targeting Docker containers through misconfigured Engine API endpoints. The group uses tools such as GSocket for encrypted command-and-control and employs stealthy tactics like memory-only malware execution via memfd_create(). These techniques help Mimo evade detection and maintain long-term access.
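For defenders, memory-only execution via memfd_create() leaves a visible trace on Linux: the process's `/proc/<pid>/exe` link points at `/memfd:<name> (deleted)` instead of a file on disk. The following is an added example, not code from the article or from the researchers, that lists such processes; the function name and its `proc_root` parameter are assumptions introduced here so the check can also run against a copied or constructed `/proc` tree.

```python
"""Flag processes whose executable image is an anonymous memfd (Linux)."""
import os
import sys

# Prefix the kernel uses for memfd_create() files in /proc symlinks.
MEMFD_PREFIX = "/memfd:"


def memfd_backed_processes(proc_root="/proc"):
    """Return sorted [(pid, exe_target, cmdline)] for processes exec'd from a memfd.

    /proc/<pid>/exe is a symlink to the file the process was executed from.
    For a memfd it reads "/memfd:<name> (deleted)" because no on-disk path exists.
    proc_root is a hypothetical parameter added for offline analysis and testing.
    """
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "sys"
        pid_dir = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            # Kernel threads, processes that just exited, or missing privilege.
            continue
        if not target.startswith(MEMFD_PREFIX):
            continue
        try:
            with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            raw = b""
        # cmdline is NUL-separated; it is attacker-controlled, so treat it as a hint.
        cmdline = raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()
        hits.append((int(entry), target, cmdline))
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/proc"
    for pid, target, cmdline in memfd_backed_processes(root):
        print(f"pid={pid} exe={target!r} cmdline={cmdline!r}")
```

Run it as root so other users' `exe` links are readable. Some legitimate software also executes from a memfd, so treat each hit as a lead to review against a baseline rather than as a verdict.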

Read the full article here:

Threat Actor Mimo Attacking Magento CMS to Steal Card Details and Bandwidth Monetization
