
    WordPress malware discovers WooCommerce websites for Magecart attacks

    Researchers at website security company Sucuri have discovered new WordPress malware that threat actors use to find WooCommerce online stores with many customers and mark them as targets for future Magecart attacks.

    WooCommerce is an open-source WordPress plugin with over 5 million active installations. It is designed to simplify the management of e-commerce sites used to “sell anything anywhere.”

    However, attacks on WooCommerce online stores are nothing new.

    Vulnerable plugins used to break into online stores

    To compromise WooCommerce-based online stores and drop the new malware, the attackers exploit security flaws in other WordPress plugins.

    By exploiting these flaws, they gain access to the online store's internal structure and can find out whether the site uses the WooCommerce platform. They then collect information about the WooCommerce installation and exfiltrate it to servers controlled by the attackers.

    “It is important to note that, by default, the WooCommerce plugin does not store payment card data - an attacker cannot just steal private payment details from the WordPress database,” the malware researcher said.

    The malware is installed as a malicious PHP script, as part of the post-exploitation steps that follow a successful compromise of the WordPress site.

    Magecart reconnaissance

    Although Sucuri has not specified the purpose of this information, malware operators can use order and payment information to decide whether deploying a skimmer is worthwhile for a specific online store.

    This lets them focus their efforts on online stores that receive a lot of traffic and orders, and avoid wasting time on e-commerce stores that are idle or have few customers.

    Sucuri observed one such Magecart campaign targeting WooCommerce stores just a month ago. They also watched credit card thieves inject a dedicated JavaScript-based card skimmer that collects card numbers along with the card security codes.

    The WordPress malware also plants three backdoors on the infected website. These will be very useful if the attackers decide to return and deploy a skimmer.

    Leal concluded: “This malware is a good example of an attacker using unauthorized access to identify potential new targets in a compromised host environment.”

     
