Security News > 2020 > May > WordPress Malware Targets WooCommerce Stores
Researchers have spotted a piece of WordPress malware that allows cybercriminals to collect information from WooCommerce stores and helps them set up compromised websites for future skimming attacks.
Attacks part of an ongoing campaign targeting vulnerable WordPress plugins employ malicious code designed to identify whether sites are using WooCommerce and then query data related to it, web security company Sucuri revealed.
Written in PHP, the malware creates a series of functions used to search for other WordPress websites and connect to their database to gather WooCommerce data.
The malware submits a total of three SQL queries to the WordPress database, to get the number of orders, query the row data for orders in the posts table placed after March 1, 2020, and to search the postmeta table for data related to orders made on or after March 1.
According to the researchers, although it still needs some refinement, the malware is a great example of how attackers can abuse unauthorized access to identify new targets within compromised hosting environments.