
WordPress malware pinpoints WooCommerce sites for Magecart attacks


Cybercriminals have targeted WooCommerce online stores, singling out those with enough customers to be worth a Magecart attack in the near future. The discovery was made by researchers from Sucuri, a website security firm.

WooCommerce is an open-source WordPress plugin for running e-commerce web stores. Cybercriminals are using flaws found in WordPress plugins to hack web stores that use WooCommerce to process their financial dealings.

As explained by Sucuri, the malware is covertly installed as a PHP script (5ea331c1744115ea331c17441f.php) that prepares the site for future attacks. It extracts the MySQL database information needed to access the hacked web store’s WordPress database, then runs SQL queries capable of gathering the web store’s registered transactions and all logged payments.
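A site owner can sweep a WordPress document root for files shaped like the script Sucuri describes. The Python below is an added example, not code from Sucuri or from this article; the content patterns, the constructed sample tree, and the rule of flagging a file on a hex-only name or on all three content hints together are assumptions made for illustration.

```python
import os
import re
import tempfile

# Basename of 16+ hex digits, the shape of 5ea331c1744115ea331c17441f.php.
HEX_NAME = re.compile(r"^[0-9a-f]{16,}\.php$", re.IGNORECASE)
# Content heuristics are assumptions made for this example, not published signatures.
HINTS = {
    "reads wp-config.php": re.compile(rb"wp-config\.php"),
    "opens its own MySQL connection": re.compile(rb"\b(mysqli_connect|new\s+mysqli|new\s+PDO)\b"),
    "queries order or payment rows": re.compile(rb"shop_order|_payment_method", re.I),
}

def scan_tree(root):
    """Return sorted (relative_path, reasons) for PHP files worth manual review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # cap the bytes inspected per file
            except OSError:
                continue  # unreadable file: skip it
            hits = [label for label, rx in HINTS.items() if rx.search(data)]
            hex_named = bool(HEX_NAME.match(name))
            # Flag hex-named files outright; others only when every hint matches.
            if hex_named or len(hits) == len(HINTS):
                reasons = (["hex-only filename"] if hex_named else []) + hits
                findings.append((os.path.relpath(path, root).replace(os.sep, "/"), reasons))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree made of harmless placeholder files."""
    samples = {
        "wp-load.php": b"<?php require ABSPATH . 'wp-config.php';",
        "wp-content/plugins/shop/orders.php": b"<?php $q = 'shop_order';",
        "wp-content/uploads/5ea331c1744115ea331c17441f.php": b"<?php // wp-config.php new mysqli shop_order",
        "wp-content/uploads/notes.txt": b"5ea331c1744115ea not php",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Call `scan_tree()` on a real document root to list candidates; every hit still needs manual review, since the name pattern and content hints are heuristics.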

The Magecart Attack Process

According to Leal, a Sucuri security researcher, the Magecart developers chose to target only WooCommerce stores so that they could concentrate their malicious efforts on web stores with a good number of orders and traffic, for a good return on invested time, as reported by BleepingComputer.

Leal concluded by stating that “Another trick used by the developers of Magecart malware is the method of deploying three backdoors on hacked websites which becomes useful to them in future attacks with the help of a web skimmer serving as leverage to unauthorized access for new targets in these hacked websites.”

This is certainly not the first Magecart attack on e-commerce platforms. PCrisk reported tracking an increase in the number of Magecart attacks on multiple payment-processing e-commerce platforms on the 14th of April 2020. These attacks often result in the theft of credit and debit card information: malicious JavaScript code injected into the platform’s cart scans the debit and credit card details entered by unsuspecting customers.

Once the malicious JavaScript code transmits the stolen details to the control server operated by the hacker, these stolen credit and debit card details end up sold or used for fraudulent purchases on the dark web market.


Fiorella Salazar
