WordPress Plugin Threatens Credit Card Security: A surge in Magecart attacks has been identified, involving the utilization of a nefarious WordPress plugin. This malicious plugin not only facilitates fraudulent admin user creation but also poses a significant threat to the security of credit card information on e-commerce websites, as detailed by The Hacker News.
The Unsettling Tactics
Deployment and Concealment
The malevolent WordPress plugin, masquerading as “WordPress Cache Addons,” infiltrates systems through compromised admin user accounts or by exploiting vulnerabilities in existing plugins. Once installed, it engages in self-replication to the must-use plugins directory, or mu-plugins, effectively evading detection.
Admin User Manipulation
According to a comprehensive report by Sucuri, the plugin goes beyond its initial infiltration. It establishes and conceals admin user accounts, exploiting the access levels inherent in compromised wp-admin administrator users. Sucuri security researcher Ben Martin notes, “installing plugins is certainly one of the key abilities that WordPress admins possess.”
Read More: How To Boost WordPress Site Security
Credit Card Data Exfiltration
The primary concern arises with the deployment of a credit card stealing backdoor, enabling the unauthorized extraction of sensitive credit card data. This insidious tactic poses a serious threat to the security and trustworthiness of e-commerce platforms.
Sucuri’s research sheds light on the methodology behind these attacks. The plugin’s ability to operate within the constraints of existing access levels underscores the sophistication of contemporary cyber threats. Sucuri emphasizes the need for heightened vigilance, given the prevalence of WordPress infections originating from compromised administrator users.
This revelation comes on the heels of Sucuri’s prior discovery of a fake WordPress patch designed to enable persistent remote access. The evolving nature of cyber threats underscores the importance of robust security measures in safeguarding digital assets.
The Magecart attacks involving a malicious WordPress plugin signal a new frontier in cyber threats targeting e-commerce platforms. Heightened security measures, regular audits, and prompt updates are imperative to shield against these evolving threats.
Feature Image Source: Nathan da Silva