Thursday, January 23, 2025
HomeCyber CrimeNew WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data

New WordPress Plugin That Weaponizes Legit Sites To Steal Customer Payment Data

Published on

SIEM as a Service

Follow Us on Google News

Cybercriminals have developed PhishWP, a malicious WordPress plugin, to facilitate sophisticated phishing attacks, which enable attackers to create convincing replicas of legitimate payment gateways, such as Stripe, on compromised or fraudulent WordPress websites. 

By seamlessly integrating with Telegram, PhishWP facilitates real-time data exfiltration, including credit card details, personal information, and even 3DS authentication codes. 

This allows attackers to bypass security measures and execute fraudulent transactions with increased efficiency, posing a significant threat to online users and businesses alike.

Official advertisement for PhishWP

In order to steal user information during online transactions, a malicious WordPress plugin known as PhishWP uses a variety of deceptive strategies. 

By mimicking legitimate payment gateways, it harvests card details and 3DS codes through convincing interfaces. Integrated with Telegram, it immediately relays stolen information to attackers. 

It also profiles user environments and sends automated confirmation emails to lull victims into a false sense of security.

Multi-language support and obfuscation options enhance its versatility and stealth, enabling widespread and sophisticated phishing campaigns.

Example of what the attacker views after a successful attack

According to SlashNext, an attacker leverages PhishWP to create a fraudulent e-commerce site offering discounted products, which replicates Stripe payment pages, including 3DS authentication pop-ups. 

When users enter their payment and personal information without realizing it, the plugin secretly sends this sensitive data, including one-time passwords, to the attacker’s Telegram account.

This real-time data stream allows the attacker to quickly initiate unauthorized transactions or sell the stolen information on the dark web, causing significant financial and reputational harm to victims and businesses.

Attackers use PhishWP to compromise WordPress sites by breaching existing ones or creating fraudulent replicas.

These replicas are designed to mimic legitimate payment gateways, such as Stripe, replicating their visual design and language.

Victims are tricked into visiting these deceptive sites through targeted phishing campaigns, leading them to unknowingly enter sensitive financial and personal information into fake checkout pages.

PhishWP captures critical data, such as credit card details and security codes, and immediately transmits it to the attacker via channels like Telegram.

To maintain the illusion of a successful transaction, victims receive fraudulent confirmation emails, while the attackers exploit or monetize the stolen data within illicit online marketplaces.

ANY.RUN Threat Intelligence Lookup - Extract Millions of IOC's for Interactive Malware Analysis: Try for Free

Varshini
Varshini
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...