Credit-card-stealing criminals target WooCommerce, an e-tailer platform, with a JavaScript-based card-skimming malware. The malware doesn t just intercept payment information entered into the fields on a check-out page. Instead of injecting malicious, third-party code, the attackers in this attack modified a normally benign JavaScript file that is intentionally used on the site. The fact that the malware is lodged itself within an already existing and legitimate file makes it harder to detect, researcher Ben Martin said.
Source: https://threatpost.com/woocommerce-card-skimmer-malware/154699/