Attacks with the novel Caesar Cipher Skimmer have been deployed against WordPress, OpenCart, Magento, and other content management system platforms to facilitate the exfiltration of credit card information, according to The Hacker News.
Intrusions involved alterations of the WordPress plugin WooCommerce's checkout PHP file to enable staging of an HTML style sheet-emulating PHP script, which then allows retrieval of the credit card skimmer, a report from Sucuri showed. "The script sends the URL of the current web pages, which allows the attackers to send customized responses for each infected site. Some versions of the second layer script even check if it is loaded by a logged-in WordPress user and modify the response for them," said researcher Ben Martin, who also noted the targeting of the WPCode plugin. On the other hand, Magento-based websites are being compromised through malicious JavaScript injections on database tables. Such findings should prompt the implementation of password hygiene, consistent updates, and audits on CMS software and their plugins.
