WooCommerce Falls to Fresh Card-Skimmer Malware

2020-04-10 21:37

Sucuri researcher Ben Martin recently investigated a skimmer attack lodged against a WooCommerce site and found that it differs from prior payment-card campaigns that have targeted WordPress-based e-commerce destinations - in that the malware doesn't just intercept payment information entered into the fields on a check-out page.

Forwarding payments to the attacker's PayPal email instead of the legitimate website owner. Seeing a dedicated credit card swiping malware within WordPress is something fairly new."

In his investigation, Martin found the image files to be empty of stolen data - suggesting that, potentially, "The malware had the ability to cover its own tracks and auto-cleared these files after the information had been acquired by the attackers," according to his writeup.

Given that attackers are able to compromise websites in any number of ways - exploiting a known vulnerable plugin or via a brute-forced admin account - a good approach to protecting WooCommerce and other WordPress-based websites from skimmers and other malware is to disable direct file editing for wp-admin, according to Martin.

Php file: define( 'DISALLOW FILE EDIT', true );," he said.

News URL

https://threatpost.com/woocommerce-card-skimmer-malware/154699/

#malware #skimmer

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Woocommerce		33	0	41	19	3	63