Advertisement
Security researchers from Sucuri have uncovered a concerning vulnerability in a WordPress plugin known as Dessky Snippets, which has been exploited by cybercriminals to compromise websites and steal payment data. Dessky Snippets, although not widely known, enables website administrators to insert custom PHP code into their WordPress sites.
According to Sucuri’s report, attackers have been specifically targeting websites with online shops, leveraging the vulnerability in Dessky Snippets to implant a server-side PHP credit card skimming malware. This insidious code is surreptitiously stored within the dnsp_settings option in the WordPress wp_options table. Once embedded, the malware manipulates the checkout process within WooCommerce, a popular e-commerce plugin for WordPress, by tampering with the billing form and injecting malicious code.
The injected code introduces additional fields into the checkout page, prompting unsuspecting customers to input sensitive information such as their names, addresses, credit card details (including numbers and expiry dates), and CVV numbers. Notably, the attackers have disabled autocomplete functionality on these fraudulent forms, aiming to prevent browsers from alerting users about the entry of sensitive data. This tactic serves to heighten the deception, making the additional fields appear innocuous and essential for completing the transaction.
Sucuri’s researchers emphasize that by circumventing autocomplete and leaving the fields empty until manually filled out by users, the attackers reduce suspicion and increase the likelihood of successful data theft. This manipulation of the checkout process underscores the sophistication of the attack and the lengths to which cybercriminals will go to exploit vulnerabilities in WordPress plugins.
Given WordPress’s widespread use and popularity, it remains a prime target for cyberattacks. While the core platform itself is generally considered secure, the myriad of plugins and themes available introduce potential vulnerabilities that attackers can exploit. As a precautionary measure, WordPress users are advised to regularly review and update their plugins and themes, ensuring that only essential ones are retained and that all software is kept up to date. By remaining vigilant and proactive in maintaining website security, users can mitigate the risk of falling victim to such malicious exploits.