Hackers Attempt to Inject Malicious PHP Code via WordPress Plugin to Steal Ecommerce Website Credit Card Transaction Data
Recently, security firm Sucuri revealed a credit card skimming attack targeting WooCommerce e-commerce websites. Sucuri discovered the attack after a website administrator noticed the unusual activity and requested their assistance in investigating. The investigation revealed that the attack occurred on May 11th, using a relatively unpopular WordPress plugin called Dessky Snippets. The plugin’s download volume spiked on that day, indicating that many websites might have been affected.
The attackers exploited a vulnerability in the Dessky Snippets plugin to carry out the attack. Dessky Snippets is a plugin used to manage and execute code snippets on a website. The attackers used this plugin’s functionality to inject malicious PHP code into the affected website. When users make transactions on the infected ecommerce site, the malicious code logs the entered credit card data, including the credit card number, expiration date, and CVV security code. The attackers can use the stolen data for illegal activities, such as fund theft or credit card fraud.
To conceal the attack, the attackers also disabled the browser’s auto-fill feature, which keeps the fields blank until the user enters the data, thus tricking users into entering sensitive information related to online transactions. It also avoids the browser’s warning message that appears when a user enters sensitive data.
To protect websites from such attacks, here are some recommended security measures:
- Keep plugins and themes up-to-date: Ensure that your WordPress plugins and themes are updated to the latest version and check for updates regularly.
- Download plugins from trusted sources: Use the official WordPress plugin directory or reputable third-party marketplaces to download plugins.
- Perform regular security scans: Use security plugins or run security scans on your website to detect potential vulnerabilities and malware.
- Monitor website activity: Regularly check your website logs and activity records for any suspicious activity or unauthorized changes.
- Use reputable plugins and themes: Choose plugins and themes from reliable developers with good reviews.
- Secure passwords: Use strong and unique passwords to protect your WordPress admin account and other user accounts.
- Regularly backup your website: Back up your website and data regularly to prevent potential data loss or ransomware attacks.