Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details.
With the Christmas shopping season in full swing, card-stealing threat actors raise their efforts to infect online shops with stealthy skimmers, so administrators ought to remain vigilant.
The latest trend is injecting card skimmers into WordPress plugin files, avoiding the closely-monitored ‘wp-admin’ and ‘wp-includes’ core directories where most injections are short-lived.
According to a new report by Sucuri, hackers performing credit card theft are first hacking into WordPress sites and injecting a backdoor into the website for persistence.
Full article at https://www.bleepingcomputer.com/news/security/hackers-infect-random-wordpress-plugins-to-steal-credit-cards/