Subj : WordPress sites are being hit by sneaky code that can steal credi To : All From : TechnologyDaily Date : Tue May 28 2024 16:45:05 WordPress sites are being hit by sneaky code that can steal credit card data Date: Tue, 28 May 2024 15:32:56 +0000 Description: If you have this little-known WordPress plugin installed, be careful - it's being abused to drop credit card skimmers. FULL STORY ====================================================================== A vulnerability in a WordPress plugin is being abused to install malicious code and steal peoples payment data, experts have warned. A report from cybersecurity researchers Sucuri, who discovered the attack, claim Dessky Snippets, a relatively unknown WordPress plugin, allows website administrators to add custom PHP code to their sites. In these instances, the report states, the attackers were looking for active installations among websites with online shops. Once found, they would use the vulnerability to install a server-side PHP credit card skimming malware , allowing them to steal financial data from the victims. New payment forms "This malicious code was saved in the dnsp_settings option in the WordPress wp_options table and was designed to modify the checkout process in WooCommerce by manipulating the billing form and injecting its own code," Sucuris researchers said in their writeup. Namely, this new code adds additional forms to the checkout page, where customers are asked to add their names, addresses, credit card numbers, expiry dates, and CVV numbers. It is also worth mentioning that on these fake forms, autocomplete is disabled. Hence, users who have autocomplete turned on should see this as a red flag. "By manually disabling this feature on the fake checkout form it reduces the likelihood that the browser will warn the user that sensitive information is being entered, and ensures that the fields stay blank until manually filled out by the user, reducing suspicion and making the fields appear as regular, necessary inputs for the transaction," Sucuri explained. Being the most popular website builder out there, WordPress is a major target among cybercriminals. However, since the platform is generally considered safe, the attackers shifted their attention towards plugins and themes, which are far less secure. As a general rule of thumb, WP users should only keep those plugins and themes they are actually using, and should make sure they are always up to date. Via The Hacker News More from TechRadar Pro Another top WordPress plugin has a serious security flaw patch now to keep your website safe Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/wordpress-sites-are-being-hit-by-sneaky -code-that-can-steal-credit-card-data --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .