WordPress admins, take note. If you are running the Dessky Snippets plugin on your WordPress e-stores, scan your sites for potentially malicious code. Criminal hackers have recently exploited the Dessky Snippets plugin to deploy web skimmers and steal payment information.

The Dessky Snippets plugin was used to deploy card skimming malware.

According to a recent post from Sucuri, the researchers found a serious security issue involving the WordPress plugin Dessky Snippets. Although the issue does not normally affect the plugin structure, it allows malicious actors to abuse the plugin.

As observed, hackers have exploited the Dessky Snippets plugin to deploy card skimming malware on target websites and steal payment information.

Dessky Snippets is a lightweight WordPress plugin that helps admins add custom PHP code without modifying the functions.php file. According to its page, the plugin is relatively new in the WP plugin realm, with just over 200 installations.

With so few installations, the plugin doesn’t seem profitable for large-scale attacks on WordPress sites. However, it seems that threat actors abusing this plugin weren’t really concerned about expanding their reach. Instead, they were more interested in staying under the radar for longer.

Sucuri researchers observed the abuse of the plugin on May 11, 2024, alongside a simultaneous increase in its downloads. By analyzing the plugin code, they uncovered obscure web-skimming malware. As stated,

The malicious code was stored in the dnsp_settings option in the WordPress wp_options table and was designed to modify the checkout process in WooCommerce by manipulating the billing form and injecting its own code.

Delving further, the researchers saw two segments in the malware: one with a generically named fake function, twentytwenty_get_post_logos(), and another that actually steals the data. The apparently bogus function serves as a hook for woocommerce_after_checkout_billing_form and adds more fields to the checkout form to collect payment card details (which would otherwise be requested on the following page). After obtaining the required data, the code then sends it to a third-party URL.

To avoid detection, the fake checkout overlay has the autocomplete feature disabled, which prevents browsers from generating warnings about entering sensitive information.
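As an added example for site owners (not Sucuri's tooling and not code from the plugin), the following Python scanner checks exported wp_options rows for the traits described above: the checkout billing hook, the fake function name, disabled autocomplete, and dynamic or outbound PHP calls. The base64 unwrapping, the generic PHP call list, the two-indicator threshold and the sample rows are assumptions made for this example.

```python
import base64
import re

# Hook and function names come from the article; the generic PHP calls are
# assumptions added for this example, not Sucuri's indicator list.
INDICATORS = {
    "checkout-billing-hook": re.compile(r"woocommerce_after_checkout_billing_form"),
    "fake-theme-function": re.compile(r"twentytwenty_get_post_logos"),
    "autocomplete-disabled": re.compile(r"autocomplete\s*=\s*\\?[\"']off", re.I),
    "outbound-request": re.compile(r"\b(curl_exec|wp_remote_post|fsockopen)\s*\(", re.I),
    "dynamic-eval": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

def decoded_layers(text, depth=3):
    """Yield text, then recursively any base64 runs in it that decode to UTF-8."""
    yield text
    if depth == 0:
        return
    for run in B64_RUN.findall(text):
        try:
            plain = base64.b64decode(run + "=" * (-len(run) % 4)).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue
        yield from decoded_layers(plain, depth - 1)

def scan_option(value):
    """Return the sorted indicator names found in one option_value string."""
    hits = set()
    for layer in decoded_layers(value):
        hits.update(name for name, rx in INDICATORS.items() if rx.search(layer))
    return sorted(hits)

def scan_rows(rows, min_hits=2):
    """rows: (option_name, option_value) pairs exported from wp_options."""
    report = {name: scan_option(value) for name, value in rows}
    return {name: hits for name, hits in report.items() if len(hits) >= min_hits}

# Constructed sample rows (no real malware): benign, hook-only, and encoded.
ENCODED = base64.b64encode(
    b"add_action('woocommerce_after_checkout_billing_form','twentytwenty_get_post_logos');"
    b"function twentytwenty_get_post_logos(){echo '<input name=\"card\" autocomplete=\"off\">';}"
).decode()
SAMPLE_ROWS = [
    ("blogname", "My Shop"),
    ("shop_notice", "add_action('woocommerce_after_checkout_billing_form','show_notice');"),
    ("dnsp_settings", "<?php eval(base64_decode('" + ENCODED + "'));"),
]
if __name__ == "__main__":
    print(scan_rows(SAMPLE_ROWS))
```

A snippet that only registers the checkout hook is not reported, because legitimate customizations use that hook too; a row is flagged when at least two indicators coincide.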

Protect your sites with precautions

Although WordPress plugin exploits, such as the case of the Dessky Snippets plugin, seem inevitable, users can still largely prevent the risks by implementing security best practices.

Sucuri advises users to keep their sites updated with the latest plugin releases, only integrate third-party scripts from trusted sources, set strong passwords for all accounts, use web application firewalls (WAFs), and perform regular site scans for malicious code.

Similarly, customers visiting e-stores should also ensure the authenticity of the site and look for any subtle changes in the layout of the site that relate to their payment information. Keeping an eye on bank statements and credit reports can also help in the timely detection of any malicious activity and the prevention of potential losses.

Let us know your thoughts in the comments.
