Focus Mode
Cyber Security News

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

TheHackerNews
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Summary: Cybersecurity researchers have identified a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into database tables, allowing attackers to capture sensitive payment information. This campaign also includes phishing tactics and novel techniques to exploit Web3 wallet features for cryptocurrency theft.

Threat Actor: Cybercriminals | cybercriminals
Victim: WordPress e-commerce sites and PayPal users | WordPress e-commerce sites

Key Point :

  • Malicious JavaScript is injected into WordPress database to create fake payment forms on checkout pages.
  • Stolen payment data is obfuscated and sent to attacker-controlled servers.
  • Phishing campaigns exploit legitimate PayPal addresses to hijack user accounts.
  • New phishing techniques leverage transaction simulation in Web3 wallets for cryptocurrency theft.

Source: https://thehackernews.com/2025/01/wordpress-skimmers-evade-detection-by.html

Tags: SPOOFING, DISCOVERY, EXPLOIT, EXFILTRATION, SCAM, PHISHING, EMAIL