Threat Intelligence

Novel credit card skimmer used in widespread attacks

Safe online payment and electronic money transfer security. Pay with digital technology. Man using credit card and laptop to login to internet bank. Financial safety to prevent scam, threat and fraud.

Attacks with the novel Caesar Cipher Skimmer have been deployed against WordPress, OpenCart, Magento, and other content management system platforms to facilitate the exfiltration of credit card information, according to The Hacker News.

Intrusions involved alterations of the WordPress plugin WooCommerce's checkout PHP file to enable staging of an HTML style sheet-emulating PHP script, which then allows retrieval of the credit card skimmer, a report from Sucuri showed. "The script sends the URL of the current web pages, which allows the attackers to send customized responses for each infected site. Some versions of the second layer script even check if it is loaded by a logged-in WordPress user and modify the response for them," said researcher Ben Martin, who also noted the targeting of the WPCode plugin. On the other hand, Magento-based websites are being compromised through malicious JavaScript injections on database tables. Such findings should prompt the implementation of password hygiene, consistent updates, and audits on CMS software and their plugins.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.