The credit card skimmer silently injects malicious JavaScript into database entries to steal sensitive payment details. The malware activates on checkout pages by hijacking existing payment fields or injecting a fake credit card form.
Depending on the variant, this malware either dynamically creates a fake credit card form or extracts payment fields directly, and it activates only on checkout pages. The stolen data is then encrypted and exfiltrated to a remote server.
A recent WooCommerce skimming attack used a creative method to steal credit card details by hiding malicious code within style tags and embedding a fake payment overlay in an image file disguised as a favicon.
WordPress websites were found distributing the ClearFake Trojan malware, a dangerous threat that can lead to ransomware infections. The malware was disguised as a prompt to install a root certificate.
A recent investigation uncovered a credit card skimmer using a WebSocket connection to steal credit card details from an infected PrestaShop website. Attackers use WebSockets for obfuscation, making it difficult to analyze traffic.
Attackers recently abused the swap file in a Magento e-commerce site to steal credit card information. Despite multiple cleanup attempts, the malware persisted until analysts discovered it.
A new variation of Wordfence evasion malware has been discovered, concealing backdoors in infected WordPress environments. A suspicious plugin named "wp-engine-fast-action" was found tampering with the popular Wordfence security plugin.
A new variation of the "gtag" credit card skimming attack, known as the "Caesar Cipher Skimmer," has been detected on multiple CMS platforms including WordPress, Magento, and OpenCart.
Hackers inject malicious code into vulnerable websites, displaying a misleading pop-up message urging users to update their web browsers. Clicking on the provided link leads to downloading malware like a remote access trojan or an info-stealer.
There are plenty of widely used code snippet plugins available, but in this case the attackers decided to use a very obscure plugin called Dessky Snippets, with only a few hundred active installations at the time of writing.