wordpress and woocommerce data breached

             A sophisticated malware campaign is currently targeting WordPress and WooCommerce websites, deploying highly obfuscated credit card skimmers and credential theft tools, marking a significant escalation in e-commerce cyber threats.

 

This malware family showcases advanced technical sophistication through its modular architecture, featuring various variants aimed at payment data theft, WordPress credential harvesting, and fraudulent advertising injection.

wordpress and woocommerce data breachedwordpress and woocommerce data breached

          Notably, it employs anti-analysis measures typical of advanced persistent threats, such as developer tools detection and console rebinding, allowing attackers to seamlessly integrate malicious functions into legitimate checkout processes.

 

The operational timeline indicates ongoing development and deployment activities since September 2023, suggesting a well-resourced threat actor capable of long-term operations. The malware cleverly avoids detection by limiting execution to specific areas of websites, using cookies to identify site administrators, and employing sophisticated targeting mechanisms to maximize data collection while remaining covert.

wordpress and woocommerce data breachedwordpress and woocommerce data breached

          Wordfence researchers identified this malware during a routine site cleanup on May 16, 2025, uncovering a complex infrastructure supporting multiple attack vectors across numerous compromised sites. Alarmingly, the malware is packaged as a rogue WordPress plugin, creating persistent infrastructure on victim websites and enabling distributed command and control capabilities while masquerading as legitimate functionality.

 

The malware's advanced anti-analysis techniques include debugger traps and infinite loops designed to disrupt debugging efforts, showcasing a level of sophistication rarely seen in commodity malware campaigns targeting e-commerce platforms.