WooCommerce Credit Card Stealer Found Implanted in Random Plugins

TCM bank hacked

Card skimming and card details theft is one such innovative attack that seldom fails. Recently, researchers uncovered another active campaign exploiting WordPress plugins running on e-commerce websites to steal customer card details.

WordPress Plugins Exploited To Steal Shoppers’ Card Details

In a recent blog post, Sucuri has shared details of an ongoing malicious campaign targeting online stores. As revealed, the hackers behind this campaign infect WordPress plugins running on e-commerce websites to steal customers’ card data.

The campaign caught Sucuri’s attention after a victim reached out to them for inspection upon receiving numerous customer complaints about “unauthorized activity” on their cards.

As elaborated, the malware didn’t precisely run as a script on the infected web page. Instead, the malware ran on the backend. Hence, upon inspecting logs, the researchers noticed that the malware mainly exploited a WordPress plugin running on the website.

Again, the malicious code seemed harmless. However, analyzing it thoroughly made the researchers realize the hidden malignancy. Describing how this malware distinguished itself from other skimmers, the post reads,

Most credit card skimmers that we come across are heavily encoded and use complicated obfuscation techniques and are usually fairly easy to spot once you see them. Not so in this case. All we see here is what appears to be normal plugin code referencing thumbnails and comments.

Technical details about the code are available in the researchers’ post.

Be Wary Of Card Skimmers

Card skimming is one the most lucrative and stealth attack tactics from cybercriminals to make money. Plus, the rising innovations in developing sneaky skimming attacks have made it a favorite for most hackers, especially during the peak days of the year.

Given that holidays are around the corner, Sucuri warns all e-commerce store owners to stay vigilant about their sites’ security. Running regular scans is one of the most effective strategies to prevent such threats.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients