Sucuri researchers are warning of threat actors injecting credit card swipers into random plugins of e-commerce WordPress sites. The holiday season is the period when online scammers and threat actors intensify their operations.
Sucuri researchers have spotted a dangerous trend: threat actors are injecting e-skimmers into WordPress plugin files instead of the ‘wp-admin’ and ‘wp-includes’ core directories, which are more closely monitored.
While analyzing the logs of a compromised e-store, the researchers noticed some changes to plugin and theme files.
“The attackers know that most security plugins for WordPress contain some way to monitor the file integrity of core files (that is, the files in wp-admin and wp-includes directories). This makes any malware injected into these files very easy to spot even by less experienced website administrators. The next logical step for them would be to target plugin and theme files.” reads the analysis published by Sucuri.
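The monitoring gap described in the quote can be closed by extending file-integrity checks to the plugin and theme directories. The sketch below is an added example, not code from Sucuri or from any WordPress security plugin; it assumes the standard `wp-content/plugins` and `wp-content/themes` layout, and the plugin, theme and file names in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

# Directories the article says attackers moved to; paths are relative to the
# WordPress root (standard WordPress layout, assumed here).
WATCHED = ("wp-content/plugins", "wp-content/themes")


def snapshot(wp_root):
    """Map relative path -> SHA-256 for every file under the watched dirs."""
    hashes = {}
    for sub in WATCHED:
        base = os.path.join(wp_root, sub)
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, wp_root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def diff(baseline, current):
    """Return sorted lists of modified, added and removed files."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed sample site: one plugin file altered, one theme file added."""
    with tempfile.TemporaryDirectory() as root:
        plugin = os.path.join(root, "wp-content/plugins/example-plugin")
        theme = os.path.join(root, "wp-content/themes/example-theme")
        os.makedirs(plugin)
        os.makedirs(theme)
        with open(os.path.join(plugin, "main.php"), "w") as fh:
            fh.write("<?php // original plugin code\n")
        baseline = snapshot(root)
        with open(os.path.join(plugin, "main.php"), "a") as fh:
            fh.write("// constructed stand-in for an injected change\n")
        with open(os.path.join(theme, "extra.php"), "w") as fh:
            fh.write("<?php // constructed unexpected file\n")
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Take the baseline from a known-good state and store it off the web server, so an intruder cannot rewrite it along with the files. Legitimate plugin and theme updates also change hashes, so refresh the baseline after each update.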