A sophisticated malware campaign targeting WordPress and WooCommerce sites has been uncovered, featuring advanced obfuscation, anti-analysis techniques, and a live backend disguised as a rogue plugin. The malware steals payment data, manipulates ads, and evades detection using deceptive tactics like fake Cloudflare verification. Over 20 variants exist, with data exfiltrated via fake image URLs and Telegram. Wordfence has released detection signatures to counter the threat.