WordPress e-commerce websites are the latest target of a stealthy credit card skimmer campaign, according to researchers. The malware uses malicious JavaScript code injected into WordPress database tables to steal sensitive payment information.
This skimmer specifically attacks checkout pages by hijacking payment fields or generating fake credit card forms. The malicious code, hidden within the “widget_block” option in the WordPress wp_options table, avoids detection by typical security scans. The malware is designed to activate only when a visitor attempts to enter payment details, making it even harder to spot.
Once activated, the malware captures credit card data, including numbers, expiration dates, CVV codes, and billing information. It can also record information entered on legitimate payment forms. To evade analysis, the stolen data is encoded and encrypted before being sent to attacker-controlled servers.
Reports show the malware mimics payment processors like Stripe to appear authentic. It dynamically creates bogus payment screens that trick users into providing sensitive data. Similar campaigns in the past have used JavaScript malware to harvest payment information by either replacing checkout forms or stealing data in real time.
The collected information undergoes multiple layers of encryption and obfuscation before exfiltration. This technique ensures the data appears harmless during transmission. Such campaigns highlight the growing sophistication of cyberattacks targeting e-commerce platforms.
How to Stay Safe
Website owners can protect their WordPress sites by keeping plugins, themes, and the CMS updated. Regularly scan your database for unusual entries, especially in tables like wp_options. Implement strong security measures like web application firewalls (WAFs) and monitor user activity. For consumers, only shop on trusted websites and avoid entering payment details on suspicious pages.
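To make the wp_options advice above concrete, here is an added example (not code from the researchers or from WordPress) that scans rows returned from that table for script content in widget options. The indicator patterns, the severity labels and the sample rows are assumptions constructed for illustration; the script body in the sample is a harmless placeholder.

```python
import re

# Feed this the rows from a query such as (run with your own DB client):
#   SELECT option_name, option_value FROM wp_options WHERE option_name LIKE 'widget_%';
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Heuristics assumed for this example, based on the behaviour the article describes:
# code that only acts on checkout pages and encodes what it collects.
BODY_INDICATORS = {
    "checkout_gate": re.compile(r"checkout", re.I),
    "encoding_call": re.compile(r"\b(?:atob|btoa|eval|fromCharCode)\s*\("),
}

def php_widget(content):
    """Wrap HTML in a PHP-serialized widget array (used to build the sample rows)."""
    n = len(content.encode("utf-8"))
    return 'a:2:{i:2;a:1:{s:7:"content";s:%d:"%s";}s:12:"_multiwidget";i:1;}' % (n, content)

def scan_options(rows):
    """Return (option_name, severity, reasons) for widget options that hold scripts."""
    findings = []
    for name, value in rows:
        if not name.startswith("widget_"):
            continue
        reasons = set()
        for attrs, body in SCRIPT_RE.findall(value):
            reasons.add("script_tag")
            src = SRC_RE.search(attrs)
            if src:
                reasons.add("external_src:" + src.group(1))
            # Indicators are tested inside the script body only, so a plain
            # link to /checkout in a widget is not flagged.
            reasons.update(k for k, rx in BODY_INDICATORS.items() if rx.search(body))
        if reasons:
            severity = "high" if reasons & BODY_INDICATORS.keys() else "review"
            findings.append((name, severity, sorted(reasons)))
    return findings

# Constructed sample rows (not taken from any real site).
SAMPLE_ROWS = [
    ("siteurl", "https://shop.example"),
    ("widget_text", php_widget('<a href="/checkout">Go to checkout</a>')),
    ("widget_block", php_widget(
        '<p>Sale!</p><script>if(location.href.indexOf("checkout")>-1)'
        '{var x=atob("ZXhhbXBsZQ==");}</script>')),
]

if __name__ == "__main__":
    for finding in scan_options(SAMPLE_ROWS):
        print(finding)
```

A "review" result means a script is present without the other indicators, which legitimate custom widgets can also produce, so compare each finding against what the site's administrators actually added.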