Retailers using WooCommerce are the next target for Magecart card skimmer attacks

Credit card fraud online
(Image credit: Shutterstock/JARIRIYAWAT)

Three new Magecart attacks are taking advantage of potential vulnerabilities in the WooCommerce ecommerce platform, experts have warned.

Discovered by RiskIQ, the vulnerabilities target retailers using third-party themes and tools to integrate into  WooCommerce pages that are particularly prone to Magecart risk.

As a result, many consumers are potentially vulnerable to having credit card details stolen ahead of the holiday shopping season.

Magecart threat 

Further research by Barn2, a software company that specializes in WooCommerce products and WordPress, found that WooCommerce represents 29% of the top one million websites using ecommerce technologies. This exceeds five million active installs of the free plugin as of early 2021.

WooCommerce is notably popular because it is a free to use and easily customisable WordPress plugin

“WooCommerce users are often small and medium-sized businesses, sometimes considered the most vulnerable, as they lack resources for complex and highly-vetted third-party tools. As we've seen over the years, both small and large retailers can be the targets of Magecart skimming,” RiskIQ wrote in its blog post.

In a typical Magecart attack, threat actors use a vulnerability and weaknesses in an ecommerce platform to inject a malicious code that skims online payment forms to intercept the payment information of unsuspecting customers.

As these third-party tools integrate with thousands of websites, when one supplier is compromised, Magecart has effectively breached thousands of sites at once.

RiskIQ's detection of skimmers and other malware shows the innumerable ways threat actors gain access, deploy, and hide their tools on victim websites and advice site operations to regularly inspect their crontab commands for strange contents, ensure that access permissions are correct, and audit file access to it.

TOPICS
Abigail Opiah
B2B Editor - Web hosting & Website builders

Abigail is a B2B Editor that specializes in web hosting and website builder news, features and reviews at TechRadar Pro. She has been a B2B journalist for more than five years covering a wide range of topics in the technology sector from colocation and cloud to data centers and telecommunications. As a B2B web hosting and website builder editor, Abigail also writes how-to guides and deals for the sector, keeping up to date with the latest trends in the hosting industry. Abigail is also extremely keen on commissioning contributed content from experts in the web hosting and website builder field.