Leave it to thieves to source new ways to cheat people out of their money and they’re always trying to find new ways to do it.
Recently, credit card thieves started targeting WordPress e-commerce sites using WooCommerce by creating and deploying a JS-based credit card skimmer malware to steal customer credit card information. It’s certainly a departure from their standard thievery attempts of sneaky redirects to steal personal data including credit card information.
Since WooCommerce is a widely used WordPress plugin utilized by millions of e-commerce sites using the free open-source plugin, we’re not surprised that thieves figured out a way to try and exploit the plugin.
By no means is this latest WooCommerce credit card theft attack a first. WooCommerce, like any other widely used e-commerce platform, has suffered from attacks in the past, but this is the first of its kind in terms of using JS-based script that “skims” credit card information while someone is completing a WooCommerce checkout.
The innocent-looking JavaScript coding injection responsible for the latest WooCommerce threat appears at the end of reports and is not easily identifiable since the malicious coding simply appears as basic JS files. Less innocent-looking, this malware saves the credit card number and credit card security code in plain text in the form of cookies according to several online sources.
What’s concerning with the skimmer issue is that the typical webmaster won’t realize their site has the skimmer malware on it since the malware is loaded within the site’s core files and aren’t being redirected or propagated from a third party site which is usually the standard practice with digital thieves.
If you’re operating a WordPress WooCommerce site and unsure if your site has been infected with this latest malware threat, the time is now to update your security plugins and run the necessary scans to ensure your site isn’t leaking your client’s credit card information to digital thieves salivating at the opportunity to steal it.
If you’re not sure where to start, contact a WP SitePlan representative today and let us take care of the work for you. Our WordPress maintenance services will ensure your WooCommerce site is secure and remains secure for threats such as the latest skimmer malware attack.
Call 866-956-2330 to speak with a WordPress expert today!
