Security News > 2020 > April > WordPress WooCommerce sites targeted by card swiper attacks
Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files.
That's according to web security company Sucuri, which has detailed a recent attack it was called into investigate on a site that had experienced a mysterious spate of credit card fraud.
The objective in this type of attack is to exploit a security weakness to bury malicious code on payments systems, capturing the credit card details as customers enter them.
These attacks are often not detected until card victims complain, which appears to be what happened in the case documented by Sucuri.
In the case of WooCommerce, these include changing the default WordPress username from admin to something attackers will find difficult to guess, as well as using a strong password.