WordPress malware finds WooCommerce sites for Magecart attacks





Researchers at website security firm Sucuri have discovered new WordPress malware that threat actors use to scan for and identify WooCommerce online shops with a lot of customers, which can then be targeted in future Magecart attacks.


WooCommerce is an open-source WordPress plugin with over 5 million active installs, designed to make it easy to run e-commerce sites that can be used to "sell anything, anywhere."


Attacks on WooCommerce online stores are not new: previous attacks attempted to hack into online stores by brute-forcing admin passwords with the end goal of harvesting credit cards (also known as Magecart attacks), as detailed by Sanguine Security's Willem de Groot two years ago.


Buggy plugins used to hack e-shops


To hack into WooCommerce-based webshops and drop this new malware, the hackers are taking advantage of security vulnerabilities found in other WordPress plugins.


By exploiting these flaws, they can get access to the e-store's internal structure, discover whether the site is using the WooCommerce platform, and subsequently collect and exfiltrate information about the WooCommerce installation to attacker-controlled servers.


"It’s important to note that by default, the WooCommerce plugin does not store payment card data — attackers can’t simply steal sensitive payment details from the WordPress database," Sucuri malware researcher Luke Leal explains.


The malware is installed in the form of a malicious PHP script as part of the po ..
