Cybercriminals are exploiting an old vulnerability in the Magento ecommerce platform to compromise online shops and steal sensitive information, using a piece of malware disguised as the patch designed to address the flaw.