Security News > 2021 > December > Hackers infect random WordPress plugins to steal credit cards
Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details.
The latest trend is injecting card skimmers into WordPress plugin files, avoiding the closely-monitored 'wp-admin' and 'wp-includes' core directories where most injections are short-lived.
According to a new report by Sucuri, hackers performing credit card theft are first hacking into WordPress sites and injecting a backdoor into the website for persistence.
These backdoors allow the hackers to retain access to the site, even if the administrator installs the latest security updates for WordPress and installed plugins.
The threat actors then add their malicious code to random plugins, and according to Sucuri, many of the scripts are not even obfuscated.
The same site had a second injection on the 404-page plugin, which held the actual credit card skimmer using the same approach of hidden variables in unobfuscated code.