Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information.

The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri.

"As with many other malicious or fake WordPress plugins it contains some deceptive information at the top of the file to give it a veneer of legitimacy," security researcher Ben Martin said. "In this case, comments claim the code to be 'WordPress Cache Addons.'"

Malicious plugins typically find their way to WordPress sites via either a compromised admin user or the exploitation of security flaws in another plugin already installed on the site. Post installation, the plugin replicates itself to the mu-plugins (or must-use plugins) directory so that it's automatically enabled and conceals its presence from the admin panel.

"Since the only way to remove any of the mu-plugins is by manually removing the file the malware goes out of its way to prevent this," Martin explained. "The malware accomplishes this by unregistering callback functions for hooks that plugins like this normally use."

The…
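Because a plugin that hides itself from the admin panel can only be found on disk, a file-system audit of the must-use directory is the practical check. The following is an added example, not code from Sucuri or the article: it assumes the default `wp-content/mu-plugins` location and an operator-maintained allowlist, and its marker patterns, file names and sample tree are constructed heuristics rather than published indicators.

```python
import re
import tempfile
from pathlib import Path

# Heuristic markers assumed for this example (not indicators from the report):
# real WordPress API calls that match the behaviours described above.
MARKERS = {
    "unregisters hook callbacks": re.compile(r"\bremove_(?:all_)?(?:action|filter)s?\s*\("),
    "creates or modifies users": re.compile(r"\bwp_(?:insert|create)_user\s*\("),
}
HEADER = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.M | re.I)


def audit_mu_plugins(wp_root, allowlist):
    """Report every auto-loaded PHP file in wp-content/mu-plugins, unexpected ones first."""
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"
    if not mu_dir.is_dir():
        return []
    findings = []
    for path in sorted(mu_dir.glob("*.php")):  # WordPress auto-loads top-level files only
        text = path.read_text(errors="replace")
        header = HEADER.search(text[:8192])  # plugin headers are read from the first 8 KB
        findings.append({
            "file": path.name,
            "claimed_name": header.group(1) if header else None,  # self-declared, untrusted
            "expected": path.name in allowlist,
            "markers": [label for label, rx in MARKERS.items() if rx.search(text)],
        })
    return sorted(findings, key=lambda f: (f["expected"], -len(f["markers"])))


def build_constructed_site():
    """Constructed sample tree: one allowlisted file and one unknown file."""
    mu = Path(tempfile.mkdtemp()) / "wp-content" / "mu-plugins"
    mu.mkdir(parents=True)
    (mu / "site-health.php").write_text("<?php\n/*\nPlugin Name: Site Health Tweaks\n*/\n")
    (mu / "cache-helper.php").write_text(
        "<?php\n/**\n * Plugin Name: Example Cache Helper\n */\n"
        "remove_all_actions('example_hook');\n"
        "wp_insert_user($example_user);\n"
    )
    return mu.parent.parent


if __name__ == "__main__":
    for finding in audit_mu_plugins(build_constructed_site(), {"site-health.php"}):
        print(finding)
```

A file that is not on the allowlist is the primary signal; the markers only help prioritise review, since legitimate plugins also call these functions.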