Cybersecurity researchers have uncovered a sophisticated credit card skimmer cunningly concealed within a counterfeit Meta Pixel tracker script, evading detection mechanisms. This malware infiltrates websites through seemingly benign channels such as WordPress plugins and Magento admin panels, exploiting custom script editors to insert malicious JavaScript code. By masquerading as legitimate elements within the script, such as substituting genuine domain references with malicious counterparts, the skimmer stealthily targets e-commerce platforms, particularly during checkout processes.
The deceptive nature of the skimmer extends further as it leverages compromised domains like “b-connected.com” to host the skimming code, while exfiltrating stolen credit card information to another compromised site, “www.donjuguetes.es”. To combat such threats, cybersecurity experts emphasize the importance of maintaining up-to-date websites, regularly reviewing admin accounts for validity, and frequently updating passwords. Additionally, given the dynamic nature of checkout pages, which often evade public scanners, manual inspection of page source code or monitoring network traffic becomes essential to identify these silent background operations.
This discovery coincides with revelations about another malware, Magento Shoplift, targeting WordPress and Magento-based sites since September 2023. With WordPress’s increasing role in e-commerce, facilitated by plugins like WooCommerce, it has become a prime target for attackers, necessitating adaptation of MageCart e-commerce malware to exploit a wider range of CMS platforms. As cyber threats evolve, proactive security measures remain crucial in safeguarding online transactions and maintaining the integrity of e-commerce platforms against increasingly sophisticated attacks.
