April 12, 2024 at 01:57AM
Cybersecurity researchers have uncovered a credit card skimmer camouflaged in a fake Meta Pixel tracker script to evade detection. The malware is injected into websites through tools like WordPress plugins and Magento admin panel, allowing the injection of malicious JavaScript. Sites using WordPress and Magento are at risk of another malware called Magento Shoplift. It’s crucial to keep sites up-to-date, review admin accounts, and update passwords frequently to mitigate such risks.
Based on the meeting notes, the key takeaways are:
1. A credit card skimmer has been discovered within a fake Meta Pixel tracker script, injected into websites using tools that allow custom code, such as WordPress plugins like Simple Custom CSS and JS or the “Miscellaneous Scripts” section of the Magento admin panel.
2. The bogus Meta Pixel tracker script contains JavaScript code that substitutes references to the domain “connect.facebook[.]net” with “b-connected[.]com,” which hosts an additional malicious script (“fbevents.js”) to grab credit card details.
3. Mitigating risks includes maintaining up-to-date websites, reviewing admin accounts periodically, and updating passwords frequently to prevent threat actors from leveraging weak passwords and flaws in WordPress plugins.
4. The increasing popularity of WordPress in e-commerce makes it a prime target for attackers, who are modifying their MageCart e-commerce malware to target a wider range of CMS platforms, including WordPress.
These takeaways highlight the importance of maintaining website security, updating plugins, and keeping an eye out for potential vulnerabilities in WordPress and Magento platforms.