A sophisticated credit card skimmer malware has been discovered targeting WordPress checkout pages by silently injecting malicious JavaScript into the WordPress database's wp_options table. This method allows the malware to evade file-scanning tools, capturing sensitive payment details by mimicking legitimate payment forms or using real-time data interception on existing ones. The malware uses AES-CBC encryption and Base64 encoding to disguise stolen data, transmitting it to attacker-controlled servers such as valhafather[.]xyz. Researchers recommend examining custom HTML widgets for suspicious scripts, regularly updating security patches, and employing a Web Application Firewall (WAF), file integrity monitoring, and two-factor authentication. A similar skimmer targeting Magento eCommerce websites was reported in November 2024, highlighting the increasing sophistication of such attacks. Continue here.
