During a recent investigation, the team at Sucuri have identified malware that collects sensitive data currently spreading to target WooCommerce websites in compromised hosting environments.

The malware is spread via an ongoing wave of exploits against vulnerable WordPress plugins. Check here for the list of plugins: https://labs.sucuri.net/vulnerabilities-digest-april-2020/

For more information please check the official public release.

For websites at risk, it is recommended to run a server-side scanner that can monitor the filesystem for changes so that the presence of the malware is detected.

Beyond that, it is recommended to update your themes and plugins to their latest versions and ensure that your host is using the latest stable version of PHP.

If you have questions, don’t hesitate to contact our support team.