Hackers infect random WordPress plugins to steal credit cards

Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details.

With the Christmas shopping season in full swing, card-stealing threat actors raise their efforts to infect online shops with stealthy skimmers, so administrators ought to remain vigilant.

The latest trend is injecting card skimmers into WordPress plugin files, avoiding the closely-monitored ‘wp-admin’ and ‘wp-includes’ core directories where most injections are short-lived.

Hiding in plain sight

According to a new report by Sucuri,…

More Info

About mblog.my

Check Also

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Getty Images Dozens of legitimate WordPress add-ons downloaded from their original sources have been found …

Leave a Reply

Your email address will not be published. Required fields are marked *