WooCommerce Falls to Fresh Card-Skimmer Malware

[silversurfer]

Content source

https://threatpost.com/woocommerce-card-skimmer-malware/154699/

The payment-card stealer differs from typical malware targeting WordPress-based e-commerce environments.

Credit-card-stealing criminals have set their sights on the WordPress plugin known as WooCommerce, an e-tailer platform, with a JavaScript-based card-skimming malware.

Sucuri researcher Ben Martin recently investigated a skimmer attack lodged against a WooCommerce site and found that it differs from prior payment-card campaigns that have targeted WordPress-based e-commerce destinations — in that the malware doesn’t just intercept payment information entered into the fields on a check-out page.

“[Attacks on WooCommerce in the past have] typically been limited to modifications of payment details within the plugin settings,” he explained in a Thursday posting. “For example, forwarding payments to the attacker’s PayPal email instead of the legitimate website owner. Seeing a dedicated credit card swiping malware within WordPress is something fairly new.”

 

[upnorth]

After scanning the infected website, where customers had complained of fraudulent transactions, nothing serious at first seemed amiss, Martin wrote. It took a deeper integrity check of the core files of the site in order to find the stealer.

Rather than simply injecting malicious, third-party code – the typical approach used by Magecart and other groups – the attackers in this attack modified a normally benign JavaScript file that is intentionally used on the site.

All free CMS based platform, for example Wordpress used for e-commerce one sadly have to be careful around. IMO, if possible avoid as the reports on this kind of issues is too many. Even this expert on Sucuri had problems find the malicious files.

 

[silversurfer]

WordPress Malware Targets WooCommerce Stores

Researchers have spotted a WordPress malware that allows cybercriminals to collect information from WooCommerce stores and helps them set up compromised websites for future skimming attacks

www.securityweek.com

Researchers have spotted a piece of WordPress malware that allows cybercriminals to collect information from WooCommerce stores and helps them set up compromised websites for future skimming attacks.

WooCommerce is a highly popular open-source eCommerce plugin for WordPress that allows site owners to easily set up their own online store. With more than 5 million installations, it is one of the biggest eCommerce platforms and is often targeted by cybercriminals for financial gain.

Attacks part of an ongoing campaign targeting vulnerable WordPress plugins employ malicious code designed to identify whether sites are using WooCommerce and then query data related to it, web security company Sucuri revealed.