Hackers Targeting WooCommerce Users To Steal Credit Card Information

April 22, 2020 | May 5th, 2022 | Cybersecurity

WooCommerce is a WordPress-based, free plugin that makes it incredibly easy to sell just about anything online. With more than five million installations, it’s clearly a favorite on the web. Unfortunately, its popularity also makes it an easy target.

Ben Martin and Willem de Groot are researchers with Sanguine Security. They found a new attack that specifically targets site owners with WooCommerce installed.

The first indication that something was amiss was a spike in fraudulent credit card transaction reports from clients with WooCommerce installed. The company performed an integrity check on the core files of their impacted customers and found a number of JavaScript files with malicious code appended to them. An analysis of the code revealed it to be a new credit card skimmer that was cleverly designed to cover its own tracks.

Martin had this to say about the company’s discovery:

“Naturally, WooCommerce and other WordPress-based ecommerce websites have been targeted before, but this has typically been limited to modifications of payment details within the plugin settings. For example, forwarding payments to the attacker’s PayPal email instead of the legitimate website owner. Seeing a dedicated credit card swiping malware within WordPress is something fairly new.”

As for those JavaScript files:

“The JavaScript itself is a little difficult to understand, but one thing that is clear is that the infection saves both the credit card number and the card security code in plain text in the form of cookies. As is typical in PHP malware, several layers of encoding and concatenation are employed in an attempt to avoid detection and hide its core code from the average webmaster.”

If you own a business of any size and you use WooCommerce to handle your online sales, Martin recommends disabling direct file editing in wp-admin by adding the following line to your wp-config.php file:

“define( 'DISALLOW_FILE_EDIT', true );” (without the outer quotation marks).

While that won’t offer bullet-proof protection, it will make your site more secure and harder for attackers to compromise.
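The integrity check described earlier in this article can be approximated by comparing each JavaScript file against a size-and-hash baseline taken from a clean copy; hashing only the first baseline-size bytes of a changed file separates "code appended" from other modifications. This is an added example, not code from the researchers or from WooCommerce; the function names, the baseline format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(root: Path) -> dict:
    """Record size and SHA-256 of every .js file in a known-good copy."""
    return {p.relative_to(root).as_posix():
                {"size": p.stat().st_size, "sha256": digest(p.read_bytes())}
            for p in sorted(root.rglob("*.js"))}

def check_tree(root: Path, baseline: dict) -> dict:
    """Return {relative_path: finding} for each .js file that deviates."""
    findings = {}
    for rel, known in baseline.items():
        path = root / rel
        if not path.is_file():
            findings[rel] = "missing"
            continue
        data = path.read_bytes()
        if digest(data) == known["sha256"]:
            continue  # byte-for-byte identical to the baseline
        # Original bytes intact with extra data after them: code was appended.
        if digest(data[:known["size"]]) == known["sha256"]:
            findings[rel] = f"appended:{len(data) - known['size']}"
        else:
            findings[rel] = "modified"
    for path in root.rglob("*.js"):
        if (rel := path.relative_to(root).as_posix()) not in baseline:
            findings[rel] = "unexpected"  # not present in the clean copy
    return findings

def demo() -> dict:
    """Constructed sample tree: baseline it, then tamper with two files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cart.js").write_bytes(b"function cart(){}\n")
        (root / "checkout.js").write_bytes(b"function pay(){}\n")
        baseline = build_baseline(root)
        with open(root / "checkout.js", "ab") as fh:
            fh.write(b"/* constructed stand-in for appended code */\n")
        (root / "cart.js").write_bytes(b"function cart(){return 1}\n")
        return check_tree(root, baseline)

if __name__ == "__main__":
    for rel, finding in sorted(demo().items()):
        print(f"{finding:14} {rel}")
```

Build the baseline from a freshly downloaded copy of the same WordPress, plugin and theme versions rather than from the live site, so that an existing infection is not recorded as known-good.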

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor's degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor to The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.