  • Clipeus

Active Magecart Threat For E-Commerce



Sucuri Blog reports a likely active Magecart campaign targeting WordPress and WooCommerce websites with a malicious plugin. The malware is installed as a regular plugin in the WordPress Admin panel. It then replicates itself into the mu-plugins directory, where "must use" plugins are located, enabling a sophisticated evasion technique.


Additional evasion techniques include creating a hidden administrator with the pmv_create_hidden_admin function and subsequently reducing the administrator user count to hide the fraudulent admin user.


At checkout, the malware runs JavaScript that exfiltrates payment information to an attacker-controlled domain, fbplx[.]com. This domain was created in September 2023, suggesting the threat is recent and likely still active.
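A defender can sweep a WordPress installation for the two indicators named above and list every file in mu-plugins for manual review. The following is an added example, not code from the cited report; it assumes the default wp-content layout, and the sample file names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Indicators named in the report above (the domain appears there defanged).
INDICATORS = {
    "hidden-admin function": re.compile(rb"pmv_create_hidden_admin"),
    "exfiltration domain": re.compile(rb"fbplx(?:\[\.\]|\.)com", re.I),
}
PLUGIN_DIRS = ("wp-content/mu-plugins", "wp-content/plugins")  # assumed default layout

def scan_wordpress(root):
    """Return (mu_plugin_files, indicator_hits) for a WordPress document root."""
    root = Path(root)
    mu_files, hits = [], []
    for sub in PLUGIN_DIRS:
        base = root / sub
        if not base.is_dir():
            continue
        for path in sorted(base.rglob("*")):
            if not path.is_file() or path.suffix.lower() not in {".php", ".js"}:
                continue
            rel = path.relative_to(root).as_posix()
            if sub.endswith("mu-plugins"):
                mu_files.append(rel)  # must-use plugins load automatically: review each one
            try:
                data = path.read_bytes()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            hits += [(rel, label) for label, rx in INDICATORS.items() if rx.search(data)]
    return mu_files, hits

def build_sample_site(root):
    """Constructed sample tree: one benign plugin and one inert stub carrying the indicators."""
    files = {
        "wp-content/plugins/shop-widgets/shop-widgets.php": "<?php // benign constructed plugin\n",
        "wp-content/mu-plugins/cache-helper.php":
            "<?php // constructed stub, not real malware\n"
            "function pmv_create_hidden_admin() {}\n"
            "// constructed reference to fbplx.com\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        print(scan_wordpress(tmp))
```

A clean result does not prove a clean site, since the strings may be obfuscated in a live sample; any unexpected file in mu-plugins deserves review regardless of string matches.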


If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you.
