Credit card swipers are more often than not found inside online and brick and mortar retail point of sale systems, but a newer version has been targeting WordPress sites that use the WooCommerce plugin.

WordPress sites using WooCommerce have been attacked before, but not with card swipers. Instead attackers focused on redirecting payments from the intended recipient to their bank account. This time around Sucuri researcher Ben Martin found some malicious JavaScript tacked on to the end of a string of legitimate malware that collected payment card details including number and CVV in plaintext in the form of a cookie.

“The malware utilizes the file_put_contents function to dump the details into two separate image files (one .png and one .jpg) within the wp-content/uploads directory structure,” Martin said, adding he has only spotted a few instances of this type of attack so far.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.