• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Credit Card Stealers

WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data

June 16, 2022Ben Martin

WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data

Our story starts like many others told on this blog: A new client came to us with reported cases of credit card theft on their eCommerce website. The website owner had received complaints from several customers who reported bogus transactions on their cards shortly after…

Read More about WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data

June 9, 2022Ben Martin

Smilodon Credit Card Skimming Malware Shifts to WordPress

WordPress’ massive market share has come with an unsurprising side effect: As more and more site admins turn to popular plugins like WooCommerce to turn a profit on their website…

Read More about Smilodon Credit Card Skimming Malware Shifts to WordPress

June 7, 2022Matt Morrow

It Takes 2 Seconds of Silence to Skim a Credit Card

E-commerce websites are valuable targets for attackers. Bad actors often leverage creative techniques to conceal their credit card stealers and gather sensitive credit card information from online storefronts. A recent…

Read More about It Takes 2 Seconds of Silence to Skim a Credit Card

Credit Card Stealer Targets PSiGate Payment Gateway Software

May 24, 2022Luke Leal

Credit Card Stealer Targets PsiGate Payment Gateway Software

Magento’s payment provider gateway offers functionalities for site owners to integrate stores with payment service providers. This handy feature lets a website create and handle transactions based on order details…

Read More about Credit Card Stealer Targets PsiGate Payment Gateway Software

Analyzing a WooCommerce credit card stealer

May 19, 2022Liam Smith

Analyzing a WooCommerce Credit Card Skimmer

The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads…

Read More about Analyzing a WooCommerce Credit Card Skimmer

Stylish Magento Card Stealer loads Without Script Tags

July 28, 2021Ben Martin

Stylish Magento Card Stealer loads Without Script Tags

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this…

Read More about Stylish Magento Card Stealer loads Without Script Tags

Magento 2 PHP Skimmer Saves To Image File

March 10, 2021Luke Leal

Magento 2 PHP Credit Card Skimmer Saves to JPG

Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection…

Read More about Magento 2 PHP Credit Card Skimmer Saves to JPG

Labs Note

November 11, 2020Denis Sinegubko

Another Credit Card Stealer That Pretends to Be Sucuri

During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into…

Read More about Another Credit Card Stealer That Pretends to Be Sucuri

Labs Note

April 23, 2020Denis Sinegubko

Web Skimmer With a Domain Name Generator – Follow Up

This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst Ben Martin found another variation…

Read More about Web Skimmer With a Domain Name Generator – Follow Up

Labs Note

April 17, 2020Luke Leal

Magento JavaScript Skimmer Targets Tarjetas de Crédito

A website owner recently contacted us regarding a payment problem on their Magento website. A suspicious payment card form was loading for customers who were trying to pay for items…

Read More about Magento JavaScript Skimmer Targets Tarjetas de Crédito

Labs Note

February 7, 2020Luke Leal

Magento Credit Card Stealer: harilov[.]com

Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…

Read More about Magento Credit Card Stealer: harilov[.]com

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.