Security News > 2021 > December > Hackers infect random WordPress plugins to steal credit cards
Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details.
The latest trend is injecting card skimmers into WordPress plugin files, avoiding the closely-monitored 'wp-admin' and 'wp-includes' core directories where most injections are short-lived.
According to a new report by Sucuri, hackers performing credit card theft are first hacking into WordPress sites and injecting a backdoor into the website for persistence.
These backdoors allow the hackers to retain access to the site, even if the administrator installs the latest security updates for WordPress and installed plugins.
The threat actors then add their malicious code to random plugins, and according to Sucuri, many of the scripts are not even obfuscated.
The same site had a second injection on the 404-page plugin, which held the actual credit card skimmer using the same approach of hidden variables in unobfuscated code.
News URL
Related news
- Hackers deploy crypto drainers on thousands of WordPress sites (source)
- Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites (source)
- Hackers exploit LiteSpeed Cache flaw to create WordPress admins (source)
- Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites (source)