Image: Erik Mclean

Researchers at website security firm Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers to be targeted in future Magecart attacks.

WooCommerce is an open-source WordPress plugin with over 5 million active installs and designed to make it easy to run e-commerce sites that can be used to “sell anything, anywhere.”

Attacking WooCommerce online stores is not something new as shown by previous attacks that were attempting to hack into online stores by brute-forcing admin passwords with the end goal of harvesting