Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Credit Card Data Harvesting via Exploited WordPress Plugin on E-Commerce Sites
Overview
On May 11, 2024, Sucuri identified a newly observed Credit Card Data Harvesting campaign. The credit card skimming campaign is exploiting a vulnerability in the Dessky Snippets WordPress plugin to steal financial data from e-commerce websites.
Details of the Exploit:
- Targeted Plugin: ‘Dessky Snippets’ (Over 200 active installations)
- Malware Functionality: Attackers implant a server-side PHP credit card skimming malware into compromised sites, enabling the theft of financial data.
- Malicious Code: The code is saved in the dnsp_settings option in the WordPress wp_options table and modifies the WooCommerce checkout process by injecting its own code into the billing form. This manipulation involves the addition of new fields to the billing form to request comprehensive credit card details, which are subsequently forwarded to a malicious URL.
- Impact: Theft of credit card details entered during checkout on WooCommerce websites.
Attack Methodology
- Initial Access: Gained through known vulnerabilities in WordPress or easily guessable credentials.
- Post-Exploitation Actions: Attackers install additional plugins, both legitimate and malicious, similar to the one exploited in this campaign.
- Obfuscation Techniques: Includes disabling the autocomplete attribute. Disabling this attribute on the counterfeit checkout form reduces the likelihood of the user’s browser alerting them to the entry of sensitive information, lowering user suspicion.
Recommendations:
- Update Sites and Plugins: WordPress site owners, particularly those with E-Commerce functionalities, are advised to update their sites and plugins to the latest versions.
- Use Robust Passwords: Employ strong, unique passwords to prevent brute force attacks.
- Regular Monitoring: Routinely check sites for any unauthorised modifications or signs of malware.
By taking these actions, WordPress site owners can better protect their sites from this emerging threat and safeguard their users’ financial data.
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…