"This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment details," Sucuri researcher Puja Srivastava said in a new analysis.
"The malware activates specifically on checkout pages, either by hijacking existing payment fields or injecting a fake credit card form."
"The JavaScript code works by checking if the current page is a checkout page and ensures that it springs into action only after the site visitor is about to enter their payment details, at which point it dynamically creates a bogus payment screen that mimics legitimate payment processors like Stripe."
"The stolen data is subsequently Base64-encoded and combined with AES-CBC encryption to make it appear harmless and resist analysis attempts."
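A triage sketch for the behaviours quoted above, added here as an example and not Sucuri's code: it scores inline scripts found in stored database values for the checkout gate, dynamic payment-field creation, and Base64/AES-CBC use. The regex patterns, the threshold, the table and key names, and the sample rows are all constructed assumptions.

```python
import re

# Heuristic signals for the behaviours quoted above; the patterns are assumptions.
SIGNALS = {
    "checkout_gate": re.compile(
        r"(location\.(href|pathname)|document\.URL)[^;]{0,80}checkout", re.I),
    "dynamic_form": re.compile(r"createElement\(\s*['\"](form|input|iframe)['\"]", re.I),
    "card_fields": re.compile(r"card[-_ ]?number|cvv|cvc|expir", re.I),
    "base64": re.compile(r"\b(btoa|atob)\s*\(", re.I),
    "aes_cbc": re.compile(r"AES-CBC|CryptoJS\.AES|mode\.CBC", re.I),
}
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)

def score_entry(value):
    """Return the sorted signal names found inside inline <script> bodies."""
    hits = set()
    for body in SCRIPT.findall(value):
        hits.update(name for name, rx in SIGNALS.items() if rx.search(body))
    return sorted(hits)

def triage(rows, threshold=3):
    """rows: (table, key, value) tuples exported from the site database.
    Flag entries whose script is gated on checkout and shows enough other signals."""
    findings = []
    for table, key, value in rows:
        hits = score_entry(value)
        if "checkout_gate" in hits and len(hits) >= threshold:
            findings.append((table, key, hits))
    return findings

# Constructed sample rows (hypothetical table and key names, inert fragments).
SAMPLE_ROWS = [
    ("example_options", "widget_7",
     '<p>Widget</p><script>if(location.href.indexOf("checkout")>-1){'
     'var i=document.createElement("input");i.name="card_number";'
     'var alg={name:"AES-CBC"};var out=btoa(i.value);}</script>'),
    ("example_options", "analytics",
     '<script>if(location.pathname.indexOf("/checkout")===0)'
     '{console.log("step");}</script>'),
    ("example_posts", "post_12",
     "<p>Our checkout docs mention AES-CBC and btoa() in prose only.</p>"),
]

if __name__ == "__main__":
    for table, key, hits in triage(SAMPLE_ROWS):
        print(f"review {table}/{key}: {', '.join(hits)}")
```

A hit is a lead for manual review of that database entry, not a verdict; legitimate payment plugins can trip several of these signals.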