Researchers at Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers to be targeted in future Magecart attacks. The malware is installed in the form of a malicious PHP script as part of the post-exploit stage that follows the successful compromise of a vulnerable WordPress site. It extracts database credentials that will allow it to access the compromised store’s WordPress database and run queries designed to collect WooCommerce-specific information including the store’s total number of orders and payments.
Source: https://www.bleepingcomputer.com/news/security/wordpress-malware-finds-woocommerce-sites-for-magecart-attacks/