2025-01-15 03:08:55 Pacfic
WordPress Skimmers Inject Malicious Code in Database - 1d
A sophisticated credit card skimmer malware campaign is targeting WordPress e-commerce websites, placing user payment information at risk. The malware operates by injecting malicious JavaScript code directly into the database tables of the content management system. This stealthy method allows the skimmer to evade traditional security detection systems, making it difficult to spot and remove. Once activated on the checkout page, the malware either hijacks existing payment fields or injects a fake payment form, closely mimicking legitimate payment processors. This form is designed to capture and record sensitive information such as credit card numbers, expiration dates, CVV numbers, and billing addresses.
The stolen data is then encoded using Base64 and encrypted with AES-CBC to make it appear harmless and harder to analyze. This encrypted data is subsequently sent to an attacker-controlled server using the navigator.sendBeacon function to avoid detection by the website user. The collected data, including payment card details and potentially other personal information, is then used for fraudulent transactions or sold on underground markets. Website owners are advised to examine custom HTML widgets, apply the latest security updates and patches, implement two-factor authentication, regularly review admin accounts, implement file integrity monitoring and use a website firewall for protection.
ImgSrc: securityaffairs.com
References:
- gbhackers.com - Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data - 1d
- The Hacker News - WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables – Source:thehackernews.com - 1d
- CySecurity News - Latest Information Security and Hacking Incidents - Sophisticated Credit Card Skimmer Malware Targets WordPress Checkout Pages - 1d
- ciso2ciso.com - WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables – Source:thehackernews.com - 1d
- Security Affairs - Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. - 1d
- CISO2CISO.COM & CYBER SECURITY GROUP - WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables – Source:thehackernews.com - 1d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data - 18h
- @jos1264 - WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables – Source:thehackernews.com - 14h
Classification:
- HashTags: WordPress Skimmer DataBreach
- Company: WordPress
- Target: WordPress Websites
- Product: WordPress
- Feature: Database Injection
- Type: Malware
- Severity: Major