WooCommerce Credit Card Skimmers Concealed in Fake Images

WordPress has become a common e-commerce platform because of its ease of use and the growing number of plugins and components that facilitate online payments. The frequency with which attackers target the popular CMS to steal sensitive personal information and credit card details is also accelerating. Researchers at Sucuri recently uncovered a case where a credit card swiper had been injected into WordPress’ wp-settings.php file. The only symptom their customer reported was that images were disappearing from the WooCommerce cart almost as soon as they were uploaded.

Because the include was buried deep in the file, it was easy to miss on a casual review. Because the include itself does not follow any malware patterns, it could also be missed by malware scanners looking for specific signatures. And because the malicious file being included was located above the site directory, a cursory scan of the site files would have missed that as well. Attackers often place malicious content out of the way so it is more difficult to detect. One tactic they use is to create directories that look like system directories, or to place malware in existing core cPanel or other server directories.

Analyst Notes

E-commerce website owners need to be aware of the risks that come with hosting these types of websites and do everything in their power to protect customers when they enter their payment information. Administrators of WordPress e-commerce sites should run frequent core file integrity checks to make sure website files haven’t been modified with malicious content, such as the code that was embedded in the case study in this article. Administrators should also install file integrity monitoring software and keep all WordPress plugins updated so they are more secure.
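A minimal version of the core file integrity check recommended above, extended to flag literal include paths that resolve outside the site root, as in this case. This is an added example, not code from Sucuri or WordPress; the function names, the baseline format and the sample file contents and paths are constructed, and a POSIX filesystem is assumed.

```python
import hashlib
import os
import re
import tempfile

# Matches include/require statements whose argument is a single literal path.
INCLUDE_RE = re.compile(r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""")

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit(site_root, baseline):
    """baseline maps a path relative to site_root to its known-good SHA-256."""
    root = os.path.realpath(site_root)
    findings = []
    for rel, good_hash in baseline.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings.append((rel, "missing", ""))
            continue
        if sha256_of(path) != good_hash:
            findings.append((rel, "modified", ""))
        with open(path, encoding="utf-8", errors="replace") as fh:
            source = fh.read()
        for target in INCLUDE_RE.findall(source):
            # Assumption: relative paths resolve against the including file's directory.
            resolved = os.path.realpath(os.path.join(os.path.dirname(path), target))
            if os.path.commonpath([root, resolved]) != root:
                findings.append((rel, "include-outside-root", target))
    return findings

def demo():
    """Constructed sample: a stand-in core file, audited before and after tampering."""
    with tempfile.TemporaryDirectory() as top:
        site = os.path.join(top, "public_html")
        os.makedirs(site)
        core = os.path.join(site, "wp-settings.php")
        with open(core, "w", encoding="utf-8") as fh:
            fh.write("<?php\nrequire ABSPATH . WPINC . '/version.php';\n")
        baseline = {"wp-settings.php": sha256_of(core)}
        before = audit(site, baseline)
        with open(core, "a", encoding="utf-8") as fh:
            fh.write("include '../.cache/product.png';\n")  # constructed path
        return before, audit(site, baseline)

if __name__ == "__main__":
    print(demo())
```

The include check only sees paths written as a single string literal; includes built from constants or variables are caught by the hash comparison alone, so the baseline must come from a trusted copy of the same WordPress release.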