Mumbai (Maharashtra) [India], March 24 (ANI/PRNewswire): Bluehost, one of the largest WordPress hosting providers in the world, today announced the launch of its new commerce solutions that make it simple for customers to launch their online stores and makes using WordPress easier by bringing together YITH plugins and WooCommerce. Addressing the need for a simple, convenient online selling solution for all, Bluehost’s new commerce solutions, bring together the power of WordPress, the versatility of WooCommerce and the elegant simplicity of YITH plugins to empower users to easily create online stores that truly stand out from the rest.

From a mobile-responsive eCommerce website to powerful connections with all the major online marketplaces, Bluehost’s commerce solutions enable users to sell products anywhere and everywhere confidently. The affordable all-in-one commerce solutions allow users to build a robust online store. Users can easily accept payments, sell across popular marketplaces, schedule calendar appointments, ship new customer orders, print labels, and add advanced features like GiftCards, WishList, Customer Account Page, and more. Site owners will save time and energy maintaining every aspect of their eCommerce business, all from one platform.

Bluehost’s commerce solutions make selling online easier and save customers hundreds of dollars by bundling enhanced plugins.

“We have so many customers around the world with unique needs and different levels of expertise building online stores,” said Ed Jay, President of Newfold Digital, the parent company of Bluehost and YITH. “With the launch of Bluehost’s new commerce solutions, our team is addressing the needs of small businesses looking for the flexibility and power of WordPress but want the experience of coming online and selling to be simple. The curated experience we are providing strikes the perfect balance of security, reliability, and functionality by taking the power of WordPress and putting it into the hands of users in a way that feels intuitive and native for each of our customers seeking to grow their businesses.”

Bluehost’s commerce solutions offer the functionality, and the perfect mix of tools, plugins and guidance online sellers need to start and grow their online business including:

– Easy Online Store Creation: Bluehost’s new commerce solutions come with an easy-to-follow onboarding experience. Answer a few simple questions and within minutes users will have the right foundation pages to launch their site. The guided onboarding experiences walks users through the set-up process for commonly needed features of an online store, like payment processing, tax information, shipping and managing product inventory. It helps customers launch further, faster by setting up their theme, fonts, top menu and homepage by assembling a custom design in a few simple steps.

– WooCommerce and Enhanced YITH Plugins: Both of Bluehost’s commerce solutions come with WooCommerce and enhanced YITH plugins. YITH is one of the largest sellers and developers of WooCommerce Plugins for WordPress, with nearly 2.3M active installs and more than 100 plugins that expertly solve critical eCommerce needs. Payment Processing, Gift Cards, Wish Lists, Appointment Bookings, Shipping, Product Search/Filtering and Customer Account Creation are included, providing users with everything they need to build an online store for a simple low price.

– Sales Across Multiple Marketplaces: Whether users are selling on Amazon, Etsy, eBay, Shopify, BigCommerce, or any other kind of marketplace, the Bluehost Online Store + Marketplace plan allows customers to manage their inventory from one centralized dashboard. This allows them to analyze which marketplace is the best place for selling their products, as well as keep track of inventory in real-time without having to log into multiple dashboards.

– Yoast SEO: The #1 WordPress SEO Plugin powering more than 13 million websites. Yoast SEO is made by world-renowned SEO experts and is packed full of features, designed to help visitors and search engines to get the most out of their website. Newfold acquired Yoast in August 2021.

– New WordPress eCommerce Block Theme “Wonder” Pre-installed: Take advantage of WordPress’s Block Editor with Wonder’s 24 patterns, focused on shops, and six different style variations. YITH, a leading global provider of WooCommerce plugins acquired by Newfold in March 2022, built Wonder leveraging their WordPress commerce expertise.

– Professional Services and 24/7 Expert Support: In-house Bluehost experts are readily available to help customers get online and support customers if roadblocks are encountered while creating an online store, via online chat or over the phone at 1800-419-4426.

For more information on Bluehost’s commerce solutions, including product features and details, visit Bluehost.in.

Bluehost is the leading web hosting solutions provider specializing in WordPress. Since its founding in 2003, Bluehost has been trusted by millions of people because it makes building, growing, and managing successful WordPress websites easy. Bluehost delivers a suite of WordPress solutions designed with the perfect mix of guidance, tools, and expertise to build a professional website. Bluehost is a part of the Newfold Digital family of brands. For more information on Bluehost, visit Bluehost.in.

Newfold Digital is a leading web and commerce technology company serving nearly 7 million customers globally. Established in 2021 through the combination of leading web services providers Endurance Web Presence and Web.com Group, our portfolio of brands includes: Bluehost, CrazyDomains, HostGator, Network Solutions, Register.com, Web.com, Yoast, YITH, and many others. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs. Learn more about Newfold Digital at Newfold.com.

Media Contact:

Paola Lorenzo

[email protected]

This story has been provided by PRNewswire. ANI will not be responsible in any way for the content of this article. (ANI/PRNewswire)

This story is auto-generated from a syndicated feed. ThePrint holds no responsibility for its content.

A sneaky new credit card stealer has been discovered hiding in places that are difficult to scan, and thus managing to steal payment (opens in new tab) information without triggering any alarms.

A report from cybersecurity experts Sucuri notes how it stumbled upon the malware when called in to investigate an “unusual infection” at one of its clients’ payment endpoints.

A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the ‘Authorize.net’ payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans.

Historically, when threat actors breach a commerce site like Magenta or WordPress running WooCommerce, they inject malicious JavaScript into the HTML of the store or customer checkout pages. 

These scripts will then steal inputted customer information on checkout, such as credit card numbers, expiration dates, CVV numbers, addresses, phone numbers, and email addresses.

However, many online merchants now work with security software companies that scan the HTML of public-facing eCommerce sites to find malicious scripts, making it harder for threat actors to stay hidden.

To evade detection, the threat actors are now injecting malicious scripts directly into the site’s payment gateway modules used to process credit card payments on checkout.

As these extensions are usually only called after a user submits their credit card details and checks out at the store, it may be harder to detect by cybersecurity solutions.

The campaign was discovered by website security experts at Sucuri after being called in to investigate an unusual infection on one of their client’s systems.

Targeting payment gateways

WooCommerce is a popular eCommerce platform for WordPress used by roughly 40% of all online stores.

To accept credit cards on the site, stores utilize a payment processing system, such as Authorize.net, a popular processor used by 440,000 merchants worldwide.

On the compromised site, Sucuri discovered that threat actors modified the “class-wc-authorize-net-cim.php” file, one of Authorize.net’s files supporting the payment gateway’s integration to WooCommerce environments.

The code injected at the bottom of the file checks if the HTTP request body contains the “wc-authorize-net-cim-credit-card-account-number” string, which means it carries payment data after a user checks out their cart on the store.

If it does, the code generates a random password, encrypts the victim’s payment details with AES-128-CBC, and stores it in an image file that the attackers later retrieve.

A second injection performed by the attackers is on “wc-authorize-net-cim.min.js,” also an Authorize.net file.

The injected code captures additional payment details from input form elements on the infected website, aiming to intercept the victim’s name, shipping address, phone number, and zip/postal code.

Evading detection

Another notable aspect of this campaign is the stealthiness of the skimmer and its functions, which make it particularly hard to discover and uproot, leading to extended periods of data exfiltration.

First, the malicious code was injected in legitimate payment gateway files, so regular inspections that scan websites’ public HTML or look for suspicious file additions wouldn’t yield any results.

Secondly, saving stolen credit card details on an image file isn’t a new tactic, but strong encryption is a novel element that helps attackers evade detection. In past cases, threat actors stored stolen data in plaintext form, used weak, base64 encoding, or simply transferred the stolen information to the attackers during checkout.

Thirdly, the threat actors abuse WordPress’s Heartbeat API to emulate regular traffic and mix it with the victims’ payment data during exfiltration, which helps them evade detection from security tools monitoring for unauthorized data exfiltration.

As MageCart actors evolve their tactics and increasingly target WooCommerce and WordPress sites, it is essential for website owners and administrators to stay vigilant and enforce robust security measures.

This recent campaign discovered by Sukuri highlights the growing sophistication of credit card skimming attacks and the attackers’ ingenuity in bypassing security.