Stealthy WordPress Card Skimmers Hide in Database to Steal Payment Data

WordPress E-commerce Sites Targeted by Sophisticated Credit Card Skimmer

A new stealthy credit card skimming campaign has been discovered targeting WordPress e-commerce checkout pages. Security researchers at Sucuri have identified malicious JavaScript code being inserted into WordPress database tables, specifically targeting payment processing systems.

The Attack Mechanism:
– Malware embeds itself in the WordPress wp_options table under “widget_block”
– Targets checkout pages specifically
– Creates convincing fake payment forms or hijacks legitimate payment fields
– Mimics popular payment processors like Stripe

Data Collection and Transmission:
– Captures credit card numbers, expiration dates, CVV numbers, and billing information
– Uses Base64 encoding and AES-CBC encryption to disguise stolen data
– Transmits encrypted data to malicious servers (valhafather.xyz or fqbe23.xyz)

Related Threats:
– Similar campaign detected using JavaScript malware with triple-layer obfuscation
– PayPal phishing scheme using Microsoft 365 test domains
– New “transaction simulation spoofing” technique targeting cryptocurrency wallets

The sophisticated nature of these attacks makes them particularly challenging to detect, as they utilize legitimate system features and careful obfuscation techniques. Website administrators should maintain vigilant security monitoring and implement robust protection measures for their e-commerce platforms.
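
As a monitoring aid for the indicators listed above, the following added example (not code from Sucuri or from the original article) scans rows exported from wp_options for script tags inside widget_block and for the two exfiltration domains the article names. The row format, function name and sample rows are assumptions made for the illustration, and a script tag in a widget is a reason to review the entry, not proof of compromise.

```python
import re

# Exfiltration domains named in the article above.
IOC_DOMAINS = ("valhafather.xyz", "fqbe23.xyz")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# Heuristic (assumption): the article says the skimmer targets checkout pages.
CHECKOUT_RE = re.compile(r"checkout", re.I)


def scan_options(rows):
    """rows: iterable of (option_name, option_value) taken from wp_options.

    Returns a list of (option_name, reasons) for rows that need review.
    """
    findings = []
    for name, value in rows:
        reasons = set()
        lowered = value.lower()
        # The domains are checked in every option, not only widget_block.
        for domain in IOC_DOMAINS:
            if domain in lowered:
                reasons.add(f"ioc-domain:{domain}")
        # Script tags are flagged only inside widget_block, the option the
        # article names as the hiding place.
        if name == "widget_block":
            for body in SCRIPT_RE.findall(value):
                reasons.add("script-tag")
                if CHECKOUT_RE.search(body):
                    reasons.add("script-references-checkout")
        if reasons:
            findings.append((name, sorted(reasons)))
    return findings


# Constructed sample rows (harmless placeholders, not real malware).
# option_value is treated as opaque text, so serialized values work as well.
SAMPLE_ROWS = [
    ("siteurl", "https://shop.example"),
    ("widget_block", "<!-- wp:search /--><script>if(location.pathname"
                     ".includes('checkout')){/* constructed placeholder */}"
                     "</script>"),
    ("some_plugin_cache", "endpoint=FQBE23.xyz"),
]

if __name__ == "__main__":
    for option_name, why in scan_options(SAMPLE_ROWS):
        print(option_name, why)
```
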
