Mobile Malware Alert: Anatsa Targets Travel Firms for Financial Fraud
Overview A sophisticated strain of mobile banking malware known as Anatsa has resurfaced, now targeting travel firms and their customers for financial fraud. Anatsa differs…
Credit Card Data Harvesting via Exploited WordPress Plugin on E-Commerce Sites
Overview
On May 11, 2024, Sucuri identified a newly observed Credit Card Data Harvesting campaign. The credit card skimming campaign is exploiting a vulnerability in the Dessky Snippets WordPress plugin to steal financial data from e-commerce websites.
Details of the Exploit:
- Targeted Plugin: ‘Dessky Snippets’ (Over 200 active installations)
- Malware Functionality: Attackers implant a server-side PHP credit card skimming malware into compromised sites, enabling the theft of financial data.
- Malicious Code: The code is saved in the dnsp_settings option in the WordPress wp_options table and modifies the WooCommerce checkout process by injecting its own code into the billing form. This manipulation involves the addition of new fields to the billing form to request comprehensive credit card details, which are subsequently forwarded to a malicious URL.
- Impact: Theft of credit card details entered during checkout on WooCommerce websites.
Attack Methodology
- Initial Access: Gained through known vulnerabilities in WordPress or easily guessable credentials.
- Post-Exploitation Actions: Attackers install additional plugins, both legitimate and malicious, similar to the one exploited in this campaign.
- Obfuscation Techniques: Includes disabling the autocomplete attribute. Disabling this attribute on the counterfeit checkout form reduces the likelihood of the user’s browser alerting them to the entry of sensitive information, lowering user suspicion.
Recommendations:
- Update Sites and Plugins: WordPress site owners, particularly those with E-Commerce functionalities, are advised to update their sites and plugins to the latest versions.
- Use Robust Passwords: Employ strong, unique passwords to prevent brute force attacks.
- Regular Monitoring: Routinely check sites for any unauthorised modifications or signs of malware.
By taking these actions, WordPress site owners can better protect their sites from this emerging threat and safeguard their users’ financial data.
Related articles
Alert: PayPal ‘New Address’ Phishing Scam
The Cyber and Fraud Centre Scotland would like to alert the public to a recent phishing scam exploiting PayPal’s “New Address” feature. How the Scam…
Gift Card Scams: Understanding and Preventing a Rising Trend
Gift card scams are a significant threat, with fraudsters increasingly targeting both businesses and individuals through sophisticated social engineering techniques. This article examines gift card…