Some cybercriminals have targeted WooCommerce online stores with a sizable number of customers fit enough for a Magecart attack in the nearest future. This discovery was done by researchers from Sucuri, a website security firm.
WooCommerce remains an open-source WordPress plugin developed for easy running of e-commerce web stores that are into commercial services. Cybercriminals are using flaws found in WordPress plugins to hack web stores that employed the service of WooCommerce to process their financial dealings.
As explained by Sucuri, this malware is covertly installed as a PHP script (5ea331c1744115ea331c17441f.php) to prepare it for future attacks and also extract MySQL database information for accessing the hacked web stores’ WordPress database and subsequently run SQL queries capable of gathering the web store’s registered transactions and all payments logged.
The Magecart Attack Process
According to Leal, one of Sucuri security researchers, Magecart developer’s decision to target just WooCommerce stores in its malicious campaign is to allow them to concentrate their malicious efforts on web stores with a good number of orders and traffic for a good return on invested time as reported by Bleepingcomputer.
Leal concluded by stating that “Another trick used by the developers of Magecart malware is the method of deploying three backdoors on hacked websites which becomes useful to them in future attack with the help of a web skimmer serving as leverage to unauthorized access for new targets in these hacked websites”.
- Get Sucuri 81% OFF