CyberSecurity news
FlagThis
@securityonline.info
//
A new and stealthy formjacking malware has been discovered targeting WooCommerce, the popular e-commerce plugin for WordPress. The malware discreetly steals customer payment data from legitimate checkout processes, posing a significant threat to online businesses. Unlike traditional skimmers that simply overlay payment forms, this malware integrates seamlessly into the checkout process, exfiltrating sensitive customer data without raising immediate suspicion.
This sophisticated malware injects a fake payment form into legitimate checkout pages, meticulously mimicking the design and functionality of the actual site. It captures card numbers, expiration dates, CVVs, and personal information like names and addresses. To evade detection, the malware uses the browser's localStorage to silently collect and store cardholder data, ensuring persistence and anti-forensic capabilities. The data theft is triggered when the "Place Order" button is pressed, using the navigator.sendBeacon() method to transmit data asynchronously and silently to a remote Command & Control (C2) server.
The infection vector is believed to be through compromised WordPress admin accounts. Attackers inject malicious JavaScript code via plugins like Simple Custom CSS and JS, exploiting their capabilities to insert code dynamically. This allows the malware to monitor user input on checkout fields continuously, capturing data even if the purchase isn't completed. Cybersecurity experts recommend implementing robust security measures, including regular security audits, up-to-date software, and careful monitoring of third-party dependencies, to protect against such attacks.
ImgSrc: securityonline.
References :
This sophisticated malware injects a fake payment form into legitimate checkout pages, meticulously mimicking the design and functionality of the actual site. It captures card numbers, expiration dates, CVVs, and personal information like names and addresses. To evade detection, the malware uses the browser's localStorage to silently collect and store cardholder data, ensuring persistence and anti-forensic capabilities. The data theft is triggered when the "Place Order" button is pressed, using the navigator.sendBeacon() method to transmit data asynchronously and silently to a remote Command & Control (C2) server.
The infection vector is believed to be through compromised WordPress admin accounts. Attackers inject malicious JavaScript code via plugins like Simple Custom CSS and JS, exploiting their capabilities to insert code dynamically. This allows the malware to monitor user input on checkout fields continuously, capturing data even if the purchase isn't completed. Cybersecurity experts recommend implementing robust security measures, including regular security audits, up-to-date software, and careful monitoring of third-party dependencies, to protect against such attacks.
ImgSrc: securityonline.
Share:
References :
- securityonline.info: Stealthy Skimmer: New Formjacking Malware Targets WooCommerce Checkouts
- cyberpress.org: Formjacking Malware Emerges Targeting E-Commerce Sites for Credit Card Data
- gbhackers.com: New Formjacking Malware Targets E-Commerce Sites to Steal Credit Card Data
Classification:
- HashTags: #Formjacking #Malware #Ecommerce
- Company: WooCommerce
- Target: Ecommerce Sites
- Product: WooCommerce
- Feature: Payment Card Theft
- Malware: Formjacking
- Type: Malware
- Severity: Major