WordPress sites are being hit by sneaky code that can steal credit card data

A vulnerability in a WordPress plugin is being abused to install malicious code and steal people’s payment data, experts have warned.

According to a report from cybersecurity researchers at Sucuri, who discovered the attack, Dessky Snippets is a relatively unknown WordPress plugin that allows website administrators to add custom PHP code to their sites.

In these instances, the report states, the attackers were looking for active installations among websites with online shops. Once they found one, they would use the vulnerability to install server-side PHP credit card skimming malware, allowing them to steal financial data from the victims.

New payment forms

"This malicious code was saved in the dnsp_settings option in the WordPress wp_options table and was designed to modify the checkout process in WooCommerce by manipulating the billing form and injecting its own code," Sucuri’s researchers said in their writeup.

Specifically, the injected code adds extra forms to the checkout page, where customers are asked to enter their names, addresses, credit card numbers, expiry dates, and CVV numbers. It is also worth mentioning that autocomplete is disabled on these fake forms, so users who have autocomplete turned on should see this as a red flag.

"By manually disabling this feature on the fake checkout form it reduces the likelihood that the browser will warn the user that sensitive information is being entered, and ensures that the fields stay blank until manually filled out by the user, reducing suspicion and making the fields appear as regular, necessary inputs for the transaction," Sucuri explained.
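
A defender's triage check for the behaviour described above, as an added example that is not from Sucuri's report or the original article: it scans the text of a `dnsp_settings` option value exported from `wp_options` for the traits the report describes. The indicator patterns, the function name and both sample values are assumptions constructed for illustration, and the option value is treated as opaque text.

```python
import re

# Heuristics derived from the behaviour described in the article. They are
# assumptions for triage, not Sucuri's detection signatures.
INDICATORS = {
    # Snippet references WooCommerce billing/checkout hooks or templates.
    "touches_woocommerce_checkout": re.compile(
        r"woocommerce\w*(billing|checkout)", re.I),
    # Snippet defines or reads payment card fields.
    "card_data_field": re.compile(
        r"card[_\s-]?(number|num|no)|cvv|cvc|expir", re.I),
    # Form fields with browser autocomplete switched off.
    "autocomplete_disabled": re.compile(
        r"autocomplete\s*=\s*[\"']?off", re.I),
}


def triage_option_value(value: str) -> dict:
    """Return matched indicators and a verdict for one dnsp_settings value."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(value))
    # Card fields belong to a payment gateway, not to a code-snippets option,
    # so a card field combined with any other indicator needs manual review.
    needs_review = "card_data_field" in hits and len(hits) >= 2
    return {"indicators": hits, "needs_review": needs_review}


# Constructed sample: an ordinary administrator snippet.
BENIGN_SAMPLE = (
    "<?php add_action('wp_footer', function () {"
    " echo '<!-- site build 42 -->'; });"
)

# Constructed sample: non-functional text that only carries the traits
# named in the report (checkout hook, card fields, autocomplete off).
SUSPICIOUS_SAMPLE = (
    "// hooks woocommerce_billing_fields\n"
    '<input name="card_number" autocomplete="off">\n'
    '<input name="cvv" autocomplete="off">'
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE),
                          ("suspicious", SUSPICIOUS_SAMPLE)):
        print(label, triage_option_value(sample))
```

A hit means the stored snippet should be read by a person; an empty result does not prove the option is clean, since obfuscated code would not match these plain-text patterns.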

Being the most popular website builder out there, WordPress is a major target among cybercriminals. However, since the platform is generally considered safe, the attackers shifted their attention towards plugins and themes, which are far less secure. As a general rule of thumb, WP users should only keep those plugins and themes they are actually using, and should make sure they are always up to date. 

Via The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
