WordPress sites are being hit with sneaky code that can steal credit card information
A vulnerability in a WordPress plugin is being exploited to install malicious code and steal people’s payment details, experts warn.
A report from cybersecurity researchers Sucuri, who discovered the attack, claims that Dessky Snippets, a relatively unknown WordPress plugin, allows website administrators to add custom PHP code to their sites.
In these cases, the report states, the attackers looked for active installations among online store websites. Once found, they would use the vulnerability to install a PHP credit card skimming malware on the server side, allowing them to steal financial data from the victims.
New forms of payment
“This malicious code was stored in the dnsp_settings option in WordPress’s wp_options table and is designed to modify the checkout process in WooCommerce by manipulating the invoice form and injecting its own code,” Sucuri researchers said in their article.
This new code adds additional forms to the checkout page, where customers are asked to add their name, address, credit card numbers, expiration dates and CVV numbers. It’s also worth mentioning that these fake forms have autofill disabled. Therefore, users who have autofill enabled should see this as a warning sign.
“By manually disabling this feature on the fake checkout form it reduces the chance of the browser alerting the user that sensitive information is being entered, and ensures that the fields remain blank until the user manually fills them in, reducing suspicion and making the fields appear as regular, necessary input for the transaction,” Sucuri explains.
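A defender-side check for the pattern described above, as an added example that is not code from Sucuri's report or from this article: it parses checkout markup and lists card-like input fields whose autofill is switched off. The field-name patterns, the use of autocomplete="off" as the signal for disabled autofill, and the sample markup are assumptions, and a hit is a reason to review the page rather than proof of a skimmer, since legitimate forms can also disable autofill.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: attribute values that suggest a payment-card field.
CARD_HINT = re.compile(r"card|cc[-_]?(num|exp|csc|cvc)|cvv|cvc|expir", re.I)

# Constructed sample markup, not taken from a real site or from the report.
SAMPLE_CHECKOUT = """
<form id="checkout">
  <input name="billing_first_name" autocomplete="given-name">
  <input name="billing_email" autocomplete="email">
</form>
<form id="extra_billing" autocomplete="off">
  <input name="card_number" placeholder="Card number">
  <input name="card_expiry" placeholder="MM/YY" autocomplete="off">
  <input name="card_cvv" placeholder="CVV" autocomplete="off">
</form>
"""

class CardFieldAudit(HTMLParser):
    """Collect card-like <input> fields for which autofill is switched off."""

    def __init__(self):
        super().__init__()
        self.form_off = False  # True while inside <form autocomplete="off">
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        own = a.get("autocomplete")  # None when the attribute is absent
        if tag == "form":
            self.form_off = (own or "").lower() == "off"
        elif tag == "input":
            # A field-level attribute overrides the value set on the form.
            off = own.lower() == "off" if own is not None else self.form_off
            label = " ".join(a.get(k, "") for k in ("name", "id", "placeholder"))
            if off and CARD_HINT.search(label):
                self.findings.append(a.get("name") or a.get("id") or "?")

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit_checkout(html):
    """Return the names of card-like inputs that have autofill disabled."""
    parser = CardFieldAudit()
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for field in audit_checkout(SAMPLE_CHECKOUT):
        print("card field with autofill disabled:", field)
```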
Being the most popular website builder, WordPress is a prime target among cybercriminals. However, since the platform is generally considered secure, the attackers shifted their focus to plugins and themes, which are much less secure. As a general rule of thumb, WP users should only keep those plugins and themes they actually use, and should ensure they are always up to date.
Via The Hacker News