WooCommerce e-stores have been compromised with e-skimmers meant to exfiltrate credit card details through an attack campaign exploiting Dessky Snippets, an obscure WordPress plugin enabling custom PHP code insertions that has since amassed more than 200 installations, reports Security Affairs.
Included in the malware were a fraudulent function that establishes a connection with the billing form of WooCommerce, which is then modified to include more fields to allow earlier credit card information requests, and a hidden credit card skimmer with POST data tracking capabilities that would trigger billing and credit card data exfiltration upon the detection of certain parameters, according to a Sucuri report.
Further analysis also revealed the deactivation of auto-fill in the fake checkout form in a bid to better evade detection, said researchers. Organizations have been urged to mitigate e-commerce site threats by ensuring up-to-date software patches, tracking threats, integrating only trusted scripts, and implementing robust passwords, firewalls, and a content security policy.
