Hackers use a helpdesk widget to launch XSS attacks to take control of the backend of Magento e-commerce websites & infect them with card stealer malware.