A sophisticated malware campaign has emerged threatening WordPress e-commerce platforms, specifically targeting those utilizing the WooCommerce plugin for transactions. This malware, identified in August 2025, demonstrates advanced capabilities to evade security detection through a rogue plugin that disguises malicious elements as legitimate content. It secures administrator access through compromised credentials, leading to a series of harmful activities including data harvesting and maintaining a hidden presence with tracking capabilities across affected sites.
The malware establishes extensive persistence with its coded structure, including a custom payload updated through AJAX backdoors and multiple exfiltration methods, ensuring data capture across various server environments. Notably, it has connections to the Magecart Group 12 and employs unique identifiers that link it to previous threat activities. Analysts, including those from Wordfence, cataloged the malware and issued detection signatures to help protect users from this ongoing threat. Given its intricate design, this malware poses a significant risk to e-commerce operations, underscoring the need for enhanced security measures and regular monitoring.
👉 Pročitaj original: Cyber Security News
