WooCommerce Sites Targeted by Sophisticated Malware Campaign

Cyber Security News by CyberSum.net

Published on October 31, 2025 at 06:00 AM

4 sources

The Wordfence Threat Intelligence Team has identified a sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as legitimate plugins, hides payloads inside fake images and maintains remote command access. It intercepts login credentials and injects JavaScript skimmers into checkout pages to steal credit card data. The campaign is attributed to Magecart Group 12, known for persistent credit card skimming operations. Wordfence advises immediate scanning and vigilance for suspicious plugin installations.

Also Read

Kimsuky Group Deploys HttpTroy Backdoor in Spear-Phishing Attack

The Kimsuky threat actor has been linked to a spear-phishing attack using a new backdoor called HttpTroy. The attack involved a ZIP file disguised as a VPN invoice, which initiated a multi-stage infection process. The backdoor allows attackers to control compromised systems, execute commands, and capture screenshots. The malware employs advanced obfuscation techniques to evade detection.

By Cyber Security News by CyberSum.netNovember 3, 2025 at 03:00 PM