Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection

· Published 10/01/2025 01:21 · Modified 10/01/2025 08:41

Essential information

Tags
2025-01-10 credit card skimmer database injection ecommerce wordpress
Related entities
9 techniques (mitre), 2 others

Description

Sophisticated malware has been discovered targeting WordPress websites. It injects malicious JavaScript into database entries, specifically in the wp_options table, to steal sensitive payment details from checkout pages. It activates only on checkout pages, either hijacking existing payment fields or injecting a fake credit card form. The malware uses Base64 encoding and AES-CBC encryption to obfuscate stolen data before sending it to attacker-controlled servers. Because the code lives in the database rather than in files on disk, it avoids common file-scanning tools and can persist undetected on compromised sites. The attack demonstrates the evolving techniques attackers use to target sensitive checkout processes in WordPress environments.
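Since file scanners miss this placement, a defender can review the contents of wp_options directly. The following is an added example, not code from this page or from the original report: it scores exported `(option_name, option_value)` rows against the behaviours described above. The marker patterns, the threshold and the sample rows are assumptions constructed for illustration.

```python
import re

# Heuristic markers drawn from the behaviour described above. The exact strings
# are assumptions; the page does not list the skimmer's code or option names.
MARKERS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "checkout_gate": re.compile(r"checkout", re.I),
    "base64": re.compile(r"\b(?:atob|btoa)\s*\(", re.I),
    "aes_cbc": re.compile(r"AES-CBC|crypto\.subtle", re.I),
    "card_fields": re.compile(r"card[\s_-]?number|cvv|cvc", re.I),
}

def score_option(value):
    """Return the sorted names of the markers found in one option_value."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(value))

def suspicious_options(rows, threshold=3):
    """rows: iterable of (option_name, option_value) exported from wp_options.
    Flags rows that hold a script tag and at least `threshold` markers overall."""
    findings = []
    for name, value in rows:
        hits = score_option(value or "")  # option_value may be NULL/None
        if "script_tag" in hits and len(hits) >= threshold:
            findings.append((name, hits))
    return findings

# Constructed sample rows (not from a real site or from the page). The last one
# carries marker text only; it is not working code.
SAMPLE_ROWS = [
    ("blogname", "Example Shop"),
    ("demo_option_a", "<p>Free shipping at checkout over $50</p>"),
    ("demo_option_b", '<script src="https://cdn.example.com/analytics.js"></script>'),
    ("demo_option_c",
     "<script>/* constructed marker text only */ "
     'if (location.href.includes("checkout")) { '
     '/* reads card_number, cvv; btoa(...) then {name:"AES-CBC"} */ }</script>'),
]

if __name__ == "__main__":
    for name, hits in suspicious_options(SAMPLE_ROWS):
        print(f"review wp_options row {name!r}: {', '.join(hits)}")
```

A flagged row is a prompt for manual review, not a verdict: legitimate plugins also store scripts in wp_options, which is why a lone script tag or a lone mention of checkout does not trigger a finding.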

External references