WordPress WooCommerce sites targeted by card swiper attacks
Cyber Security

WordPress WooCommerce sites targeted by card swiper attacks

Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files.

That’s according to web security company Sucuri, which has detailed a recent attack it was called into investigate on a site that had experienced a mysterious spate of credit card fraud.

How this was happening wasn’t clear until Sucuri ran an integrity check on the files (comparing the files present with a known default state) and it became clear that the attackers had hidden malicious JavaScript code inside a system file.

This is unusual because most attacks on ecommerce systems involve appending code at the end of a file, a technique which is effective but easier for defenders to spot.

You might also like

GitHub Token Leak Exposes Python Core Repositories to Attacks

Apple users targeted by new phishing attack to reset ID password

Iranian Group Tortoiseshell New Wave of IMAPLoader Malware Attacks

WordPress Patch Fixes Critical Flaw in Jetpack Plugin

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More