The Wordfence Threat Intelligence Team recently discovered a sophisticated malware campaign targeting WordPress e-commerce sites, specifically those using the WooCommerce plugin. This malware exhibits advanced features including custom encryption methods, fake images used to conceal malicious payloads, a robust persistence layer that allows attackers to deploy additional code on demand, all packaged as a rogue WordPress plugin.
This comprehensive malware sample was shared with us by a Wordfence user on August 21, 2025. Four malware detection signatures were developed and released after undergoing our QA process between August 27, 2025 and September 9, 2025. All Wordfence Premium, Care, and Response
Click here to continue reading this article.