As the holiday season approaches, more and more people rush to finish their Christmas shopping, unaware that cybercriminals don’t take time off for the holidays.
What Is Happening?
Credit card skimmers are being inserted into random plugins on e-commerce WordPress sites, allowing the skimmers to remain undetected while collecting client payment information.
Injecting card skimmers into WordPress plugin files is the newest trend. It avoids the heavily watched ‘wp-admin’ and ‘wp-includes’ core folders, where most injections are short-lived.
The attackers know that most security plugins for WordPress contain some way to monitor the file integrity of core files (that is, the files in wp-admin and wp-includes directories). This makes any malware injected into these files very easy to spot even by less experienced website administrators. The next logical step for them would be to target plugin and theme files. This is not the first time we have seen this, but what was quite fascinating about this particular infection was the way that the code was written to appear entirely benign. It wasn’t until we broke apart the code using some more advanced methods that the payload was uncovered.
According to a new Sucuri investigation,