- Vulnerability in the Dessky Snippets plugin allows attackers to inject malicious code.
- The malware modifies WooCommerce checkout forms to steal credit card info.
- Users should update plugins, limit usage, and monitor for suspicious activity.
If you have the little-known WordPress plugin, Dessky Snippets, installed, you might want to pay close attention.
Cybersecurity experts from Sucuri have found that cybercriminals are exploiting a vulnerability in this plugin to steal credit card data from online shoppers.
What’s Happening?
Dessky Snippets is a WordPress plugin that lets website administrators add custom PHP code to their sites. While this might sound harmless, it has become a prime target for attackers who are on the hunt for vulnerable e-commerce websites.
These attackers search for active installations of the plugin, and once they find them, they exploit the vulnerability to plant malicious code.
This code is a type of server-side PHP malware designed to skim credit card information from unsuspecting users.
How Does It Work?
The malicious code is cleverly hidden in the dnsp_settings option in the WordPress wp_options table.
Its main goal is to interfere with the checkout process in WooCommerce, a popular WordPress plugin for online stores.
The malware does this by modifying the billing form and injecting additional fields that appear to be part of the standard checkout process.
When customers go to make a purchase, they are asked to enter their names, addresses, credit card numbers, expiration dates, and CVV codes into these extra fields. To make matters worse, autocomplete is disabled on these fake forms.
This means that even if a user typically has their browser set to autofill such details, it won’t work here.
This tactic makes the fields look legitimate and ensures that users manually enter their sensitive information, making the scam less obvious.
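Site owners can turn the behaviour described above into a quick audit of the stored dnsp_settings value. The following is an added example, not code from Sucuri or the plugin; the regexes, the function name audit_snippet_option and the sample strings are assumptions constructed for illustration.

```python
import re

# Heuristics derived from the behaviour described above. The regexes are
# assumptions made for this example, not signatures published by Sucuri.
INDICATORS = {
    # Code hooking the WooCommerce billing/checkout form (real filter names).
    "checkout_hook": re.compile(r"woocommerce_(billing|checkout)_fields", re.I),
    # Field names asking for payment card data.
    "card_field": re.compile(
        r"card[_\- ]?(number|num|no)\b|\bcvv\b|\bcvc\b|expir", re.I),
    # Autocomplete explicitly disabled on a field.
    "autocomplete_off": re.compile(
        r"autocomplete['\"]?\s*(?:=>|=|:)\s*['\"]?(?:off|false)", re.I),
}


def audit_snippet_option(raw_value):
    """Return (verdict, findings) for the stored dnsp_settings value."""
    # Values copied from a SQL dump carry backslash-escaped quotes; undo that
    # so the patterns see the PHP as WordPress would.
    text = raw_value.replace('\\"', '"').replace("\\'", "'")
    findings = sorted(n for n, rx in INDICATORS.items() if rx.search(text))
    if {"checkout_hook", "card_field"} <= set(findings):
        verdict = "suspicious"   # checkout form altered to collect card data
    elif findings:
        verdict = "review"       # one signal alone: inspect by hand
    else:
        verdict = "clean"
    return verdict, findings


# Constructed samples (not real malware): a benign snippet and one that
# mimics the described behaviour, escaped as it would be in a SQL dump.
BENIGN = "add_action('wp_footer', function () { echo '<!-- hello -->'; });"
SKIMMER_LIKE = (
    "add_filter(\\'woocommerce_billing_fields\\', function ($f) {"
    " $f[\\'billing_card_number\\'] = array(\\'label\\' => \\'Card\\',"
    " \\'autocomplete\\' => \\'off\\'); return $f; });"
)

if __name__ == "__main__":
    for label, value in (("benign", BENIGN), ("skimmer-like", SKIMMER_LIKE)):
        print(label, audit_snippet_option(value))
```

The value to audit can be exported with WP-CLI (wp option get dnsp_settings) or read directly from the wp_options table; a "review" or "suspicious" verdict means the stored snippet should be read by hand.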
Why Should You Care?
WordPress is the most popular website builder in the world, making it a huge target for cybercriminals.
While WordPress itself is generally considered secure, its plugins and themes are often less so.
This means plugins like Dessky Snippets can become weak points, giving attackers an easy way in.
The Sucuri researchers emphasize that this kind of attack is particularly dangerous because it targets online stores where financial transactions are routine.
By compromising the checkout process, attackers can collect a trove of financial data that they can then use or sell on the dark web.
What Can You Do?
To protect your site and your customers, follow these best practices:
- Limit Plugins and Themes: Only keep the plugins and themes you actively use on your WordPress site. Unused ones should be deleted.
- Regular Updates: Make sure all your plugins and themes are up to date. Developers often release updates to patch vulnerabilities.
- Security Plugins: Consider installing security plugins that can help detect and block malicious activity.
- Monitor Transactions: Regularly check your site’s transaction logs for any unusual activity.
- Educate Your Users: Inform your customers about potential red flags, like unexpected requests for their credit card information or the absence of autocomplete on forms.
While WordPress remains a robust and versatile platform, it’s crucial to stay vigilant about the plugins and themes you use.
Keeping everything updated and being aware of potential threats can go a long way in protecting your website and your customers’ data from cybercriminals. Stay safe online!