silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,165
The payment-card stealer differs from typical malware targeting WordPress-based e-commerce environments.
Credit-card-stealing criminals have set their sights on the WordPress plugin known as WooCommerce, an e-tailer platform, with a JavaScript-based card-skimming malware.
Sucuri researcher Ben Martin recently investigated a skimmer attack lodged against a WooCommerce site and found that it differs from prior payment-card campaigns that have targeted WordPress-based e-commerce destinations — in that the malware doesn’t just intercept payment information entered into the fields on a check-out page.
“[Attacks on WooCommerce in the past have] typically been limited to modifications of payment details within the plugin settings,” he explained in a Thursday posting. “For example, forwarding payments to the attacker’s PayPal email instead of the legitimate website owner. Seeing a dedicated credit card swiping malware within WordPress is something fairly new.”