{
  "name": "Credit Card Skimmer and Backdoor on WordPress E-commerce Site",
  "slug": "credit-card-skimmer-and-backdoor-on-wordpress-e-commerce-site",
  "description": "A sophisticated malware attack targeting WordPress WooCommerce sites was discovered. It involved multiple components: a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script. The attack focused on financial gain and long-term control. The skimmer, injected into the checkout page, collected payment and billing information and sent it to a malicious server. A PHP backdoor allowed remote execution of system commands, while a reconnaissance script gathered server information. The attack demonstrates the evolving complexity of threats to e-commerce platforms and emphasizes the need for strict security measures, regular scans, proper access controls, and timely updates to prevent such compromises.",
  "published": "2025-03-15T06:22:21+00:00",
  "created_at": "2025-03-15T06:22:21+00:00",
  "modified_at": "2025-03-17T09:08:48+00:00",
  "created_at_opencti": "2025-03-15T06:22:21+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-03-15",
    "backdoor",
    "credit card skimmer",
    "e-commerce",
    "javascript",
    "obfuscation",
    "php",
    "reconnaissance",
    "woocommerce",
    "wordpress"
  ],
  "related_entities": {
    "attack_patterns": [
      {
        "id": "64e548d5-24de-4894-9c90-c6e17b3b3bee",
        "name": "T1056.002"
      },
      {
        "id": "beaa4978-0309-438b-a45e-ec566b643811",
        "name": "T1505.003"
      },
      {
        "id": "de38dd3a-41d7-4621-8a00-a32d7f0ff420",
        "name": "T1102.002"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "e73b317e-ea92-49b4-a45d-051f7279aced",
        "name": "T1213"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "29f7ff93-033b-4f8d-8691-5bcaa438c80f",
        "name": "T1592"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Retail"
      }
    ]
  },
  "external_refs": [
    "https://blog.sucuri.net/2025/03/credit-card-skimmer-and-backdoor-on-wordpress-e-commerce-site.html",
    "https://otx.alienvault.com/pulse/67d52aad906732f7bad24dfa"
  ]
}