HomeNewsWordPress malware pinpoints WooCommerce sites for Magecart attacks

WordPress malware pinpoints WooCommerce sites for Magecart attacks

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

Some cybercriminals have targeted WooCommerce online stores with a sizable number of customers fit enough for a Magecart attack in the nearest future. This discovery was done by researchers from Sucuri, a website security firm.

WooCommerce remains an open-source WordPress plugin developed for easy running of e-commerce web stores that are into commercial services. Cybercriminals are using flaws found in WordPress plugins to hack web stores that employed the service of WooCommerce to process their financial dealings.

As explained by Sucuri, this malware is covertly installed as a PHP script (5ea331c1744115ea331c17441f.php) to prepare it for future attacks and also extract MySQL database information for accessing the hacked web stores’ WordPress database and subsequently run SQL queries capable of gathering the web store’s registered transactions and all payments logged.

The Magecart Attack Process

According to Leal, one of Sucuri security researchers, Magecart developer’s decision to target just WooCommerce stores in its malicious campaign is to allow them to concentrate their malicious efforts on web stores with a good number of orders and traffic for a good return on invested time as reported by Bleepingcomputer.

Leal concluded by stating that “Another trick used by the developers of Magecart malware is the method of deploying three backdoors on hacked websites which becomes useful to them in future attack with the help of a web skimmer serving as leverage to unauthorized access for new targets in these hacked websites”.

This is certainly not the first of Magecart attack on e-commerce platforms, PCrisk reported of its tracking of an increase in the number of attacks by Magecart on multiple payment processing e-commerce platforms on the 14th of April 2020 which often result to stealing of credit and debit card information by injecting a malicious JavaScript code into the platform’s cart which is capable of scanning debit and credit card details entered by unsuspecting customers.

These stolen credit and debit card details end up sold or used for fraudulent purchases on the dark web market after the hacker once the malicious JavaScript code transmits the stolen details to the control server operated by the hacker.


Fiorella Salazar
Fiorella Salazar
Fiorella Salazar is a cybersecurity expert, digital privacy advocate, and VPN evangelist based in Canada. She holds an M.Sc. in Cybersecurity from a Canadian university. She is an avid researcher and frequent contributor to several cybersecurity journals and magazines. Her mission is to raise awareness about the importance of digital privacy and the benefits of using a VPN. She is the go-to source for reliable, up-to-date information on VPNs and digital privacy.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad

Subscribe to SecureBlitz Newsletter

* indicates required


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.