WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

A new credit card skimmer campaign targets WordPress e-commerce sites by injecting malicious JavaScript into the wp_options table. The JavaScript code creates fake payment screens or captures data from legitimate ones, encrypting and transmitting stolen information to attacker-controlled servers. This campaign follows similar tactics, including phishing emails and transaction simulation spoofing, highlighting the evolving sophistication of cyber threats.