Important Security Alert: Issue Found in React (Common Website Technology)
A serious security fault has been discovered in a piece of software called React, which many websites and online services use behind the scenes. This…
Credit Card Data Harvesting via Exploited WordPress Plugin on E-Commerce Sites
Overview
On May 11, 2024, Sucuri identified a newly observed Credit Card Data Harvesting campaign. The credit card skimming campaign is exploiting a vulnerability in the Dessky Snippets WordPress plugin to steal financial data from e-commerce websites.
Details of the Exploit:
- Targeted Plugin: ‘Dessky Snippets’ (Over 200 active installations)
- Malware Functionality: Attackers implant a server-side PHP credit card skimming malware into compromised sites, enabling the theft of financial data.
- Malicious Code: The code is saved in the dnsp_settings option in the WordPress wp_options table and modifies the WooCommerce checkout process by injecting its own code into the billing form. This manipulation involves the addition of new fields to the billing form to request comprehensive credit card details, which are subsequently forwarded to a malicious URL.
- Impact: Theft of credit card details entered during checkout on WooCommerce websites.
Attack Methodology
- Initial Access: Gained through known vulnerabilities in WordPress or easily guessable credentials.
- Post-Exploitation Actions: Attackers install additional plugins, both legitimate and malicious, similar to the one exploited in this campaign.
- Obfuscation Techniques: Includes disabling the autocomplete attribute. Disabling this attribute on the counterfeit checkout form reduces the likelihood of the user’s browser alerting them to the entry of sensitive information, lowering user suspicion.
Recommendations:
- Update Sites and Plugins: WordPress site owners, particularly those with E-Commerce functionalities, are advised to update their sites and plugins to the latest versions.
- Use Robust Passwords: Employ strong, unique passwords to prevent brute force attacks.
- Regular Monitoring: Routinely check sites for any unauthorised modifications or signs of malware.
By taking these actions, WordPress site owners can better protect their sites from this emerging threat and safeguard their users’ financial data.
Related articles
Microsoft SharePoint Attacks: What Your Business Needs to Know
A new wave of cyber attacks targeting Microsoft SharePoint has left many businesses exposed, according to multiple threat reports this week. Attackers are actively exploiting…
Microsoft 365: Legacy Authentication Protocols Security Update
Starting in mid-July 2025, Microsoft will begin automatically blocking legacy authentication protocols in Microsoft 365, with full enforcement expected by August 2025. This update addresses…