UPDATED 22:27 EST / APRIL 13 2020

SECURITY

WordPress sites using WooCommerce targeted by credit card skimmers

WordPress sites using the popular WooCommerce plugin are being targeted by credit card skimming code, the first time that Magecart-like attacks have been discovered targeting the content management system.

Discovered late last week by security researcher Ben Martin at Sucuri, the attacks involve the injection of JavaScript to steal both the credit card number and card security code of those making purchases from a targeted site.

Martin noted that although WordPress has been targeted before in payment attacks, they usually involve changes such as forwarding payments to the attacker’s PayPal address. Dedicated credit card swiping malware on WP is described as “something fairly new.”

Despite having some similarities to Magecart attacks, the attacks targeting WordPress installations with WooCommerce modify a normally benign JavaScript file that is used by WordPress as opposed to trying to insert the code from the third-party service. That made the code difficult to see since the malware “lodged itself within an already existing and legitimate file making it a bit harder to detect.”

Stolen data is sent to an image file that is stored in the wp-content/uploads directory but is later auto-deleted when accessed by the attackers, an added level of sophistication.

“Third-party plugins are always a high-value target for criminals, as it’s an easy way to access hundreds to thousands of sites through manipulating the code at the source where the plugin is developed,” James McQuiggan, security awareness advocate at security awareness firm KnowBe4 Inc., told SiliconANGLE. “Organizations want to make sure they educate and train their developers to analyze and verify all third-party plugins for unusual activity through the quality and analysis testing process before releasing new updates. Like a home, the website must be secured, and one easy way is to verify the plugins and software regularly.”

Image: WooCommerce

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU