January 13, 2025 By Pierluigi Paganini
Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection.
Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables.
The attackers hide the malicious code in the WordPress wp_options table, injecting obfuscated JavaScript into widget_block to evade file scans and maintain persistence.
“The malicious code was embedded in the WordPress database under the wp_options table, specifically in the row:
option_name: widget_block
option_value: Contains obfuscated JavaScript code.” reads the post published by Sucuri.
“By injecting itself into the database rather than theme files or plugins, the malware avoids detection by common file-scanning tools. This allows it to persist quietly on compromised WordPress sites.”
