A new type of malware is sneaking into online stores built with WooCommerce, hiding inside plugins and stealing credit card information from customers.
The WooCommerce extension is a highly popular plugin for websites built on the WordPress platform and is used all over the world. This popularity is fantastic for those with e-commerce sites, but it also makes them an attractive target for cybercriminals. Security researchers have uncovered a new malware campaign which uses plugins – software add-ons which enhance site functionality – to conceal malicious code. These fake WordPress plugins give hackers the ability to steal payment details during the checkout process and cause financial damage.
As with most effective malware, it cleverly hides itself and changes its form to stay one step ahead of e-commerce store owners and their defenses.
How Does the Malware Pull Off Its Heist?
The attack starts when a store owner installs a plugin – in particular, a malicious plugin – which looks genuine but conceals something else entirely. It’s also possible for this malware to establish itself through an existing, legitimate plugin that is vulnerable. Alternatively, a threat actor may have gained access to an admin account and planted the malicious plugin. Regardless of its origins, once inside, the plugin quickly conceals itself to avoid any suspicious eyes.
Next, the malware gets to work with a complex series of processes. Often, it uses hidden image files or fake PNGs that contain JavaScript code which is only activated once a customer lands on the checkout page. The code then lurks patiently in order to preserve its cover and wait for the imminent payout. Once the victim starts the checkout process, the malware scans the page for payment fields such as credit card numbers and expiry dates. As these fields are filled out, the malware instantly captures the data and transmits it to a remote location for the attackers to harvest.
As the malware contains multiple attack layers and is frequently being updated, it’s capable of evading standard security tools. If one of its processes fails, it can instantly switch to another one. And with over six million WooCommerce stores worldwide, the potential damage which could occur is huge.
Staying One Step Ahead of the Attackers
E-commerce is a huge industry, but you don’t need to be a giant in the industry to fall victim to this attack. In fact, you don’t even need to be in the e-commerce niche. If your website takes payments of any kind, it could find itself at the mercy of this or a similar attack. Thankfully, Ophtek can help keep you safe by offering you a few helpful tips to protect yourself:
- Keep Up to Date: Always make a point of keeping all your software up to date. By automating your updates, you can ensure that your WordPress site and all its plugins have the highest level of security possible.
- Only Install Trusted Plugins: It’s important that you thoroughly vet all plugins before installing them to your WordPress sites. Verify who the author is and try to check for reviews relating to the plugin you’re planning to install. It’s also useful to restrict who can install
- Regularly Monitor Your Site: If you want your site to remain safe and secure, you need to monitor its activity throughout the day. If something looks unusual, investigate it. Regularly check your logs and keep an eye on new installs of plugins. Finally, monitor outgoing connections which recur regularly but are unfamiliar.
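The article describes fake PNG files inside plugins that carry JavaScript, and recommends keeping an eye on newly installed plugins. The following Python script is an added example (not code from the article or from Ophtek) of one check a site owner could run over a WordPress plugins directory: it flags image files that lack a real PNG signature or contain script markers. The directory layout, file names and file contents it builds are constructed for the demonstration.

```python
"""Scan a WordPress plugins tree for image files that are not really images."""
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"          # signature every genuine PNG starts with
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".ico"}
# Byte sequences that have no business inside a raster image (compared lowercase).
SCRIPT_MARKERS = [b"<script", b"document.", b"eval(", b"atob(", b"<?php"]


def inspect_file(path):
    """Return the reasons a file looks suspicious; an empty list means it looks fine."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_EXTS:
        return []
    with open(path, "rb") as fh:
        data = fh.read(1 << 20)             # first 1 MiB covers header and any appended payload
    reasons = []
    if ext == ".png" and not data.startswith(PNG_MAGIC):
        reasons.append("missing PNG signature")
    lowered = data.lower()
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            reasons.append("contains script marker " + marker.decode())
    return reasons


def scan_plugins(root):
    """Walk the plugins directory and map each suspicious file to its reasons."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = inspect_file(path)
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings


def demo():
    """Build a constructed plugins tree (hypothetical names) and scan it."""
    root = tempfile.mkdtemp()
    good = os.path.join(root, "legit-plugin", "assets")
    bad = os.path.join(root, "fake-plugin", "images")
    os.makedirs(good)
    os.makedirs(bad)
    with open(os.path.join(good, "logo.png"), "wb") as fh:   # genuine-looking PNG
        fh.write(PNG_MAGIC + b"\x00" * 64)
    with open(os.path.join(bad, "icon.png"), "wb") as fh:    # no PNG header, just script
        fh.write(b"<script>var c = document.getElementById('card');</script>")
    with open(os.path.join(bad, "bg.png"), "wb") as fh:      # valid header, script appended
        fh.write(PNG_MAGIC + b"\x00" * 16 + b"<script>eval(atob('...'))</script>")
    return scan_plugins(root)
```

Running `demo()` flags both files under `fake-plugin/images` and leaves the genuine PNG alone; in practice you would point `scan_plugins` at `wp-content/plugins` on a schedule.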
For more ways to secure and optimize your business technology, contact your local IT professionals.