WordPress Injection Exfiltrates Admin Login

wp-login.php injection silently exfiltrates a victim’s username and password back to the attacker’s server.
.wtf() Skimmer Targets WooCommerce PayPal Pro

A JavaScript skimmer designed to steal payment data entered into the WooCommerce PayPal Pro gateway on the victim’s infected ecommerce website. Lowkey exfiltration domain: templatesurvey[.]com.
How PHP Droppers Spread Malware

A breakdown of how PHP droppers are used to spread binary malware through malicious URLs and spam emails.
Malware Disables Wordfence Security Plugin & Forges Timestamps

A malicious PHP file is used to take down Wordfence plugin before it adjusts its own mtime timestamp.
Skimmer Loaded Via Image On MemberPress Checkout Form & Magento

A payment card skimmer hidden within an existing PNG image on an infected WordPress website that uses MemberPress and collects payment data for private membership. A variant was also found stealing payment card information on an infected Magento website.