Friday, August 14, 10:31
Home security Credit card thieves target WooCommerce sites with skimmer

Credit card thieves target WooCommerce sites with skimmer

WooCommerce sites

Hackers aim WooCommerce sites with a specialist JavaScript-based card template malware, which allows theft credit card details, without having to redirect the payments to accounts controlled by them hackers.

WooCommerce is one free, open-source WordPress Plugin used in more than 5 million sites and makes it easier e-commerce.

This is not the first time WooCommerce e-shops have been involved attacks credit card theft (also known as Magecart attacks), as stated by her Willem de Groot Sanguine Security. In August 2018 some hackers tried to violate WooCommerce sites using his technique brut-forcing to discover codes access of administrators.

"Of course, WooCommerce and other e-commerce WordPress-based sites have been targeted by hackers in the past, but were usually limited to modifying payment details," explained Sucuri's Ben Martin.

"For example, hackers were promoting payments to PayPal e-mail of the intruder instead of the account of the legal owner of the site. What we are seeing now is something quite new. "

credit card skimmer

New card skimming approach

The attack was discovered by Martin after the reports of many users WordPress and WooCommerce sites, about fraudulent credit card transactions.

A check of all the core files of the affected online stores, he revealed malicious code files added at the end of the seemingly harmless JavaScript folders.

"JavaScript itself is a bit difficult to understand, but one thing is clear skimmer saves both credit card number and CVV (card security code) in plain text format cookiesMartin said.

"As is usually the case with PHP malware, many levels of encryption are used in an attempt to avoid detection and hide the underlying code."

What makes this attack stand out is that the attackers behind it, included the JavaScript card skimmer in the site's core files instead of loading it from a third site under their control (This usually happens with attacks aimed at stealing credit card details).

The skimmer cleans its traces

The stolen credit card details are stored in two archives image stored in the wp-content / uploads directory.

However, as Martin discovered, the skimmer was able to cover its tracks, as the files were emptied when the analysis of the violated sites started.

While usually the entry point used by attackers to infect a WooCommerce or other e-commerce site is easy to spot, this time it was not so obvious.

"It could be a compromised administrator account, an SFTP code or some vulnerable software," Martin added.

"One thing I would recommend to anyone interested in it safety of WooCommerce or their WordPress site is to disable instant file processing by adding the following line to wp-config.php, ”he added.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Get MIUI 12 "Focus Mode" on any Xiaomi device

Focus Mode is one of the best features of MIUI 12. This feature was first introduced in MIUI 11, but there are ...

The 20 best gaming consoles of all time

On the threshold of the new generation of consoles, such as the PlayStation 5 and the Xbox Series X, these are the most important and ...

Smart locks: Every home needs to have one!

Home security is a complex issue, but anything is safer than hiding a spare key in a very ...

LinkedIn: How do you record and display the pronunciation of your name?

Having a last name that almost no one pronounces correctly can sometimes be annoying. Thus, LinkedIn attempts ...

Cyber ​​attacks: 5 steps to deal with security incidents

Every organization is prone to cyber attacks and, when it happens, there is a small line between rescuing your network security and ...

Protect your personal data while on vacation

Have you had the chance to go on vacation and lose your passport, your wallet or other ...

How to get Snapchat on your computer

One of the most popular applications in recent years, Snapchat, has given many hours of fun and communication to its users. But did you know ...

Windows applications you need to delete for a better experience!

Some Windows applications are necessary for a computer to function properly, while others often cause problems. These are applications that ...

How to test the new data-saving video settings of Chrome 86?

If there's one issue with the upcoming Chrome 86 update, it seems to be efficiency. Users expect a ...

Netflix: How to change the language in profiles, subtitles and audio

Netflix is ​​not just an English-language streaming service with content from around the world. You can easily watch movies and ...