New Magecart attacks involve the deployment of a malicious WordPress plugin that enables fraudulent admin user creation and credit card data exfiltration in e-commerce websites, The Hacker News reports. After being installed either through a compromised admin user or plugin bug exploitation, the new plugin, which purports to be “WordPress Cache Addons”
Source: SC Magazine