Credit Card Skimmer and Backdoor on WordPress Ecommerce Site

A sophisticated malware attack targeting WordPress WooCommerce sites was discovered, involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script. The attack focused on financial gain and long-term control. The skimmer, injected into the checkout page, collected payment and billing information, sending it to a malicious server. A PHP backdoor allowed remote system command execution, while a reconnaissance script gathered server information. The attack demonstrates the evolving complexity of e-commerce platform threats, emphasizing the need for strict security measures, regular scans, proper access controls, and timely updates to prevent such exploits.

Author: AlienVault

Related Tags:
credit card skimmer
e-commerce
reconnaissance
T1056.002
T1102.002
T1059.005
WordPress
Obfuscation
T1059.001

Associated Indicators:
imageresizefix.com
https://imageresizefix.com/pixel_info/img-sort.php?validator=ENCODED_DATA
185.247.224.241
104.194.151.47