In the recent wave of cybersecurity threats, hackers have exploited an obscure WordPress plugin to inject malware into websites. The targeted victims are WooCommerce online stores, where credit card information is being stolen by cybercriminals.

This alarming trend emphasizes the persistent threat that cybercriminals pose and underscores the need for robust security measures in the digital landscape. The attack was first identified when reports of stolen credit card information surfaced, prompting an investigation by cybersecurity analyst Conrado Torquato.

According to reports from Sucuri, the attackers leveraged the Dessky Snippets plugin, a relatively unknown WordPress plugin with only a few hundred active installations. This plugin allowed the attackers to add malicious PHP code to victim websites, effectively compromising the checkout process on WooCommerce stores. The malicious code was cleverly hidden beneath several blank lines in the plugin’s code, making it difficult for website owners to detect.

The malware embedded in the Dessky Snippets plugin was highly obfuscated, employing two main chunks of code. The first chunk used a bogus function named twentytwenty_get_post_logos, which acted as a hook to the WooCommerce woocommerce_after_checkout_billing_form hook. This function added new fields to the billing form, tricking users into entering their credit card details. The second chunk of code monitored POST data for specific parameters related to the injected form fields. Once detected, the malware sent the captured credit card information to a third-party URL.

To evade detection, the fake checkout overlay fields were set with autocomplete=”off,” preventing browsers from warning users about entering sensitive information and making the fields appear as legitimate inputs. E-commerce websites are prime targets for hackers due to the valuable data they handle.

To protect online stores from such attacks, it is crucial to implement the following security measures:

1. Keep Your Software Patched: Regularly update your CMS, plugins, themes, and third-party components to patch vulnerabilities.

2. Use Strong Passwords: Ensure all accounts, including admin, sFTP, and database credentials, have strong and unique passwords.

3. Select Trusted Scripts: Only integrate third-party JavaScript from reputable sources and avoid unnecessary third-party scripts.

4. Monitor for Threats: Regularly check your site for signs of malware, unauthorized changes, or any indicators of compromise.

5. Implement a Firewall: Use a web application firewall to block malicious bots, virtually patch known vulnerabilities, and filter harmful traffic.

6. Set Up a CSP: Establish a Content Security Policy (CSP) to protect against clickjacking, cross-site scripting (XSS), and other threats.

For website visitors, using script-blocking extensions like NoScript and maintaining robust antivirus software can help detect and prevent ongoing skimming attacks.

In conclusion, the exploitation of obscure WordPress plugins to inject malware into websites highlights the need for enhanced cybersecurity measures to protect sensitive data and prevent cyber threats. Vigilance and proactive security practices are essential in safeguarding online stores and website visitors from malicious attacks.

Source link