Server Side Credit Card Skimmer Lodged in Obscure Plugin

Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from a WooCommerce online store.

As is normally the start to these stories, we were provided with reports of stolen credit card information that needed to be investigated.

Continue reading Server Side Credit Card Skimmer Lodged in Obscure Plugin at Sucuri Blog.