According to Security Affairs, WooCommerce e-stores have fallen victim to e-skimmers, designed to steal credit card details through an attack campaign exploiting Dessky Snippets, a lesser-known WordPress plugin allowing custom PHP code insertions.
Despite its limited visibility with just over 200 installations, Dessky Snippets has become a target for cybercriminals.
The malware injected into these sites includes a deceitful function, which establishes a connection with WooCommerce’s billing form.
This function alters the form to incorporate additional fields, enabling the capture of credit card information early in the transaction process.
Additionally, a concealed credit card skimmer with POST data tracking capabilities has been identified. It operates by monitoring certain parameters and triggering the exfiltration of billing and credit card data upon detection.
Researchers at Sucuri have noted that the attackers have taken steps to avoid detection, such as deactivating auto-fill in the fraudulent checkout form. This maneuver adds another layer of camouflage to their illicit activities.
To combat these threats effectively, organizations are advised to adopt several measures.
These include keeping software updated with the latest patches, staying vigilant against emerging threats, integrating only trusted scripts, and implementing robust security measures such as strong passwords, firewalls, and a content security policy.
These proactive steps are crucial in safeguarding e-commerce sites against cyberattacks.
