Skip to content
Menu
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
Computer IT Services & Marketing
  • Technology
    • Managed Services
    • Computer Repair
    • Consulting
  • Cybersecurity
    • BDR
    • Network Security
    • Computer Security
    • Data Recovery
  • Communication
    • Cabling
    • Wireless Networking
    • Phones
  • Marketing
    • Website Development
    • Search Engine Optimization
    • Social Media & Online Presence
    • Location Scan
    • Website & Email Management
    • Online Advertising
    • Multimedia Design
    • Newsletter
  • CALL: 337-214-1172
Widgets

HOME  |  BLOG  |  REMOTE SUPPORT

Home
Support
Blog
Contact
Close Menu
Hackers Targeting WooCommerce Users To Steal Credit Card Information
April 22 2020

Hackers Targeting WooCommerce Users To Steal Credit Card Information

wukovits Blog, Business & Finance, Malware and Virus Protection, Recent News, Security, Technology News

WooCommerce is a WordPress-based, free plugin that makes it incredibly easy to sell just about anything online. With more than five million installations, it’s clearly a favorite on the web. Unfortunately, its popularity also makes it an easy target.

Ben Martin and Willem de Groot are researchers with Sanguine Security. They found a new attack that specifically targets site owners with WooCommerce installed.

The first indication that something was amiss was a spike in fraudulent credit card transaction reports from clients with WooCommerce installed. The company performed an integrity check on the core files of their impacted customers and found a number of JavaScript files with malicious code appended to them. An analysis of the code revealed it to be a new credit card skimmer that was cleverly designed to cover its own tracks.

Martin had this to say about the company’s discovery:

“Naturally, WooCommerce and other WordPress-based ecommerce websites have been targeted before, but this has typically been limited to modifications of payment details within the plugin settings. For example, forwarding payments to the attacker’s PayPal email instead of the legitimate website owner. Seeing a dedicated credit card swiping malware within WordPress is something fairly new.”

As for those JavaScript files:

“The JavaScript itself is a little difficult to understand, but one thing that is clear is that the infection saves both the credit card number and the card security code in plain text in the form of cookies. As is typical in PHP malware, several layers of encoding and concatenation are employed in an attempt to avoid detection and hide its core code from the average webmaster.”

If you own a business of any size and you use WooCommerce to handle your online sales, Martin recommends disabling direct file editing for wp-admin by adding the following line to your wp-config.php file:

“define( ‘DISALLOW_FILE_EDIT’, true );” (without the quotation marks).

While that won’t offer bullet-proof protection, it will make your site more secure and harder for the attackers to hack.

Used with permission from Article Aggregator

Spread Of COVID-19 Data Available From Google And Apple New Windows 10 Disk Cleanup Feature Coming Soon

Related Posts

Major Security Issues Found With Popular Android App

Android, Blog, General Interest, Recent News, Security, Technology News

Major Security Issues Found With Popular Android App

Apple M1 Macs Are Not Immune To Malware

Apple, Blog, General Interest, Malware and Virus Protection, Recent News, Security, Technology News

Apple M1 Macs Are Not Immune To Malware

Update Available To Fix Windows 10 Crashing Issue

Blog, General Interest, Microsoft, Recent News, Technology News, Windows

Update Available To Fix Windows 10 Crashing Issue

Recent Posts

  • Major Security Issues Found With Popular Android App
  • Apple M1 Macs Are Not Immune To Malware
  • Update Available To Fix Windows 10 Crashing Issue

Archives

Categories

Get a Domain Registered


$.99* .COM Domain! Get going with GoDaddy!

Back To Top
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
  • Home
  • Technology
  • Cybersecurity
  • Communication
  • Marketing
  • Newsletter
  • Blog
  • Support
  • Contact

BBB Logo

Bayou Technologies, LLC
✖
Bayou Technologies is a BBB Accredited Busines
A+
On a scale of A+ to F

Reviewed, Evaluated and Accredited

Meets All 26 Standards of Accreditation

BBB Accredited since 1/1/2012

Click here for BBB Business Report on Bayou Technologies, LLC

BBB Accredited:

BBB Rating as of:

Verify Bayou Technologies, LLC
Bayou Technologies, LLC © 2019
Website Development and Marketing in Lake Charles, Louisiana
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT