
Cybersecurity analysts have issued a warning about a new underground campaign utilizing stealthy credit card skimmers targeting WordPress e-commerce checkout pages. This malicious activity involves embedding harmful JavaScript into the database tables linked with the content management system, specifically designed to capture sensitive payment information.

Researcher Puja Srivastava from Sucuri explained, “This credit card skimmer malware targets WordPress websites by covertly injecting JavaScript into database entries to pilfer payment details.” This code activates during the checkout process, either by hijacking existing payment fields or inserting a fraudulent credit card form.

The malware, detected by GoDaddy’s website security team, was found in the WordPress wp_options table, specifically in a plugin option called "widget_block." This clever method allows the malware to remain undetected by scanning tools, ensuring its persistence on compromised sites.

The harmful JavaScript checks whether a page is a checkout page and only activates when users are ready to enter payment details. At that moment, it creates a fake payment interface that mimics legitimate payment processors, such as Stripe. This form collects crucial data, including credit card numbers, expiration dates, CVV codes, and billing details. The script can also capture data entered on legitimate payment screens to maximize the chances of success.

The stolen information undergoes several layers of obfuscation: first it is Base64-encoded, then encrypted with AES-CBC so that it appears harmless. Finally, the data is sent to attacker-controlled servers, identified by suspicious domains.
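A defender-side check for the storage location and behaviours described above, as an added example that is not code from Sucuri or the original article: it reads wp_options rows, pulls the strings out of the serialized widget_block value, and flags any that contain a script tag. The indicator patterns, function names and sample rows are assumptions constructed for this example.

```python
import re

# Heuristic indicators assumed from the article's description, not published signatures.
INDICATORS = {
    "script_tag": re.compile(rb"<script\b", re.I),
    "checkout_check": re.compile(rb"checkout", re.I),
    "base64_call": re.compile(rb"\b(?:btoa|atob)\s*\("),
    "aes_cbc": re.compile(rb"AES-CBC", re.I),
}
_STR_HEADER = re.compile(rb's:(\d+):"')

def php_strings(serialized: bytes):
    """Yield each string in a PHP-serialized value, trusting the byte-length prefix."""
    pos = 0
    while (m := _STR_HEADER.search(serialized, pos)):
        start, end = m.end(), m.end() + int(m.group(1))
        if serialized[end:end + 2] != b'";':
            pos = m.end()  # length does not line up: not a real string header
            continue
        yield serialized[start:end]
        pos = end + 2  # skip the body so markup inside it is never re-parsed

def scan_options(rows):
    """rows: iterable of (option_name, option_value) taken from wp_options."""
    findings = []
    for name, value in rows:
        if name != "widget_block":
            continue
        raw = value.encode() if isinstance(value, str) else value
        for s in php_strings(raw):
            hits = sorted(k for k, rx in INDICATORS.items() if rx.search(s))
            if "script_tag" in hits:  # a script inside a block widget needs review
                findings.append({"option": name, "indicators": hits, "excerpt": s[:60]})
    return findings

def _php_s(b: bytes) -> bytes:
    return b's:%d:"%s";' % (len(b), b)

def _widget_block(html: bytes) -> bytes:
    # Constructed value in the shape WordPress stores block widgets.
    return (b"a:2:{i:2;a:1:{" + _php_s(b"content") + _php_s(html) + b"}"
            + _php_s(b"_multiwidget") + b"i:1;}")

# Constructed sample rows; the script is an inert placeholder, not the real skimmer.
CLEAN = [("widget_block", _widget_block(b"<p>Free shipping over $50</p>"))]
INJECTED = [("widget_block", _widget_block(
    b'<script>if(/checkout/.test(location.pathname)){btoa("placeholder")}</script>'))]

print(scan_options(CLEAN + INJECTED))
```

A hit means the widget content should be reviewed by hand; a legitimate Custom HTML block can also contain a script tag, so the extra indicators are there to help prioritise.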

This revelation follows a previous alert by Sucuri regarding a similar campaign targeting Magento checkout pages, where malicious JavaScript was employed to create fake forms or extract entered information in real-time.

Alongside these attacks, a phishing campaign has been identified where victims receive fraudulent emails disguised as PayPal payment requests, tricking them into divulging sensitive account information. These emails are deceptively sent from valid PayPal addresses, which helps them avoid detection by security measures.

In a new wave of threats, cybercriminals are also leveraging transaction simulation spoofing to siphon cryptocurrency from user wallets, exploiting features designed to enhance transaction transparency and user experience.

Overall, these developments highlight the increasingly sophisticated methods attackers are using to compromise e-commerce platforms and the need for heightened security awareness among online shoppers and merchants alike.

