Monday, May 5, 2025

Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data


Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by injecting malicious JavaScript into the WordPress database. 

The malware is designed to steal credit card information from users who visit checkout pages.

Whenever a page loads, the malware checks the URL for the word “checkout” so that it only runs on the checkout page.

injecting malicious JavaScript into database entries 

Once active, the malware injects a fake payment form designed to look like a legitimate payment processor. As the user fills in the fields, the form records the credit card information they enter.


The malware can also take over existing payment fields on a page to steal the information entered into them. It conceals the stolen data using Base64 encoding and AES-CBC encryption.

The stolen data is then exfiltrated from the victim’s website with the navigator.sendBeacon function, which transmits it in the background without being detected.

 HTML block widget

A visitor’s stolen payment information can then be used for fraudulent transactions or sold on underground markets, which makes this malware a dangerous threat.

According to the Sucuri Blog, users should examine their own Custom HTML widgets for unfamiliar or suspicious script tags in order to identify the malware.
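One way to triage exported Custom HTML widget content for the traits described above, as an added example that is not code from Sucuri or from this article. The regexes, the two-trait threshold, the widget ids and the sample markup are assumptions constructed for illustration; exporting the widget HTML from the WordPress database is left to the reader.

```python
import re
from html.parser import HTMLParser

# Heuristic patterns (assumptions) for the traits the article describes.
INDICATORS = {
    "checkout_url_check": re.compile(r"(location|href|pathname)[^;]{0,80}checkout", re.I),
    "sendbeacon_exfil": re.compile(r"\bsendBeacon\s*\("),
    "aes_cbc": re.compile(r"AES-CBC", re.I),
    "base64": re.compile(r"\b(btoa|atob)\s*\("),
}

class ScriptExtractor(HTMLParser):
    """Collects inline <script> bodies and external script URLs."""
    def __init__(self):
        super().__init__()
        self.in_script, self.inline, self.external = False, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.external += [v for k, v in attrs if k == "src" and v]
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script and data.strip():
            self.inline.append(data)

def scan_widget(html):
    """Return (has_script, sorted indicator names) for one widget's HTML."""
    parser = ScriptExtractor()
    parser.feed(html)
    parser.close()
    code = "\n".join(parser.inline)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(code))
    return bool(parser.inline or parser.external), hits

def triage(widgets):
    """Label each widget: 'suspicious' (2+ traits), 'review' (any script), 'clean'."""
    scans = {wid: scan_widget(html) for wid, html in widgets.items()}
    return {wid: "suspicious" if len(hits) >= 2 else "review" if has_script else "clean"
            for wid, (has_script, hits) in scans.items()}

# Constructed sample widgets, not taken from the article or any real site.
SAMPLE = {
    "block-2": "<p>Free shipping over $50</p>",
    "block-5": '<script src="https://cdn.example.com/chat.js"></script>',
    "block-9": '<script>if(location.href.includes("checkout")){var m="AES-CBC";navigator.sendBeacon(u, btoa(d));}</script>',
}
print(triage(SAMPLE))
```

Any widget labelled "review" still needs a human look, since a script tag with none of these traits may simply be obfuscated or loaded from an external URL.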

Users can also lessen the impact of this threat by keeping their WordPress sites up to date and installing the most recent security patches.

Two-factor authentication and regular reviews of all admin accounts are also recommended as preventative measures, and website owners can implement file integrity monitoring to identify unauthorized changes to their website files.

A website firewall can also block malicious traffic and prevent attempts to hack the server from reaching the platform.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
