UPDATED 22:27 EDT / APRIL 13 2020

SECURITY

WordPress sites using WooCommerce targeted by credit card skimmers

WordPress sites using the popular WooCommerce plugin are being targeted by credit card skimming code, the first time that Magecart-like attacks have been discovered targeting the content management system.

Discovered late last week by security researcher Ben Martin at Sucuri, the attacks involve the injection of JavaScript to steal both the credit card number and card security code of those making purchases from a targeted site.

Martin noted that although WordPress has been targeted before in payment attacks, they usually involve changes such as forwarding payments to the attacker’s PayPal address. Dedicated credit card swiping malware on WP is described as “something fairly new.”

Despite having some similarities to Magecart attacks, the attacks targeting WordPress installations with WooCommerce modify a normally benign JavaScript file that is used by WordPress as opposed to trying to insert the code from the third-party service. That made the code difficult to see since the malware “lodged itself within an already existing and legitimate file making it a bit harder to detect.”

Stolen data is sent to an image file that is stored in the wp-content/uploads directory but is later auto-deleted when accessed by the attackers, an added level of sophistication.

“Third-party plugins are always a high-value target for criminals, as it’s an easy way to access hundreds to thousands of sites through manipulating the code at the source where the plugin is developed,” James McQuiggan, security awareness advocate at security awareness firm KnowBe4 Inc., told SiliconANGLE. “Organizations want to make sure they educate and train their developers to analyze and verify all third-party plugins for unusual activity through the quality and analysis testing process before releasing new updates. Like a home, the website must be secured, and one easy way is to verify the plugins and software regularly.”

Image: WooCommerce

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.