Credit card swipers are more often than not found inside online and brick-and-mortar retail point-of-sale systems, but a newer version has been targeting WordPress sites that use the WooCommerce plugin.
“The malware utilizes the file_put_contents function to dump the details into two separate image files (one .png and one .jpg) within the wp-content/uploads directory structure,” Martin said, adding he has only spotted a few instances of this type of attack so far.
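One way to look for this kind of drop file is to flag anything under wp-content/uploads whose .png or .jpg extension does not match its file header. This is an added example, not code from Sucuri or from the malware; the function name find_fake_images is hypothetical, and it assumes the dumped data is written as-is and so does not begin with a valid PNG or JPEG signature.

```python
import os
import sys

# Leading bytes of genuine files, keyed by lower-cased extension.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}


def find_fake_images(root):
    """Return sorted paths under root whose image extension does not match the header."""
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            magic = MAGIC.get(ext)
            if magic is None:
                continue  # not an extension this check covers
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(magic))
            except OSError:
                suspicious.append(path)  # unreadable: report for manual review
                continue
            if head != magic:  # also catches empty or truncated files
                suspicious.append(path)
    return sorted(suspicious)


if __name__ == "__main__":
    # Default path is an assumption: run from the WordPress document root.
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/uploads"
    for p in find_fake_images(root):
        print("header mismatch:", p)
```

A hit is a lead for manual review rather than proof of compromise, since truncated or corrupted legitimate uploads are flagged as well.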
At this time Sucuri has not determined exactly how the criminals were able to gain entry to the WordPress site, but the security firm offered a few hypotheses: it could be a compromised wp-admin account, SFTP password, hosting password, or some piece of vulnerable software in the environment.
To counter the possibility that entry was made through a compromised account, Martin recommends disabling direct file editing in wp-admin by adding the following line to your wp-config.php file: define( 'DISALLOW_FILE_EDIT', true ); Taking this action, however, prevents even admin users from directly editing files from the wp-admin dashboard.