Discovered by RiskIQ, the vulnerabilities target retailers using third-party themes and tools to integrate into WooCommerce pages that are particularly prone to Magecart risk.
As a result, many consumers are potentially vulnerable to having credit card details stolen ahead of the holiday shopping season.
Further research by Barn2, a software company that specializes in WooCommerce products and WordPress, found that WooCommerce represents 29% of the top one million websites using ecommerce technologies. This exceeds five million active installs of the free plugin as of early 2021.
WooCommerce is notably popular because it is a free to use and easily customisable WordPress plugin.
“WooCommerce users are often small and medium-sized businesses, sometimes considered the most vulnerable, as they lack resources for complex and highly-vetted third-party tools. As we’ve seen over the years, both small and large retailers can be the targets of Magecart skimming,” RiskIQ wrote in its blog post.
In a typical Magecart attack, threat actors use a vulnerability and weaknesses in an ecommerce platform to inject a malicious code that skims online payment forms to intercept the payment information of unsuspecting customers.
As these third-party tools integrate with thousands of websites, when one supplier is compromised, Magecart has effectively breached thousands of sites at once.
RiskIQ’s detection of skimmers and other malware shows the innumerable ways threat actors gain access, deploy, and hide their tools on victim websites and advice site operations to regularly inspect their crontab commands for strange contents, ensure that access permissions are correct, and audit file access to it.