WordPress, a widely used free content management system (CMS), enables the creation of websites without the need for programming expertise. Today, it powers nearly half of the world’s websites, including various e-commerce platforms.
However, this popularity has attracted the attention of cybercriminals exploiting fake plugins to steal credit card information from users on WordPress-based e-commerce sites.
Sucuri, a company specialising in website security, revealed this alarming trend. According to their findings, these cyber-attacks specifically target e-commerce platforms.
The modus operandi of these hackers involves creating counterfeit administrator IDs on e-commerce sites using these deceptive WordPress plugins and embedding harmful JavaScript code.
This malicious code can steal credit card details from users on e-commerce sites and transmit them to remote hackers.
It has been discovered that these counterfeit plugins are installed on websites either by creating a bogus admin user or by exploiting security vulnerabilities.
Once installed, these fake plugins register as MU (must-use) plugins. A must-use plugin is activated automatically, and these fake ones can even inject malware into the checkout page of e-commerce websites.
“As with many other malicious or fake WordPress plugins it contains some deceptive information at the top of the file to give it a veneer of legitimacy,” security researcher Ben Martin said. “In this case, comments claim the code to be ‘WordPress Cache Addons.’”
Martin pointed out that these harmful, counterfeit WordPress plugins are frequently misrepresented, leading many to mistake them for legitimate plugins like WordPress Cache Addons.
Adding to the complexity, these malicious plugins remain hidden in the website’s admin panel, making their detection quite challenging.
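Because such a plugin does not appear in the admin panel, a file-system review of the `wp-content/mu-plugins` directory is one way to find it. The script below is an added example, not code from Sucuri or the original article; the allowlist, the file names and the user-creation heuristic are assumptions made for illustration, and the sample files are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "Plugin Name:" is the header WordPress reads from the first 8 KB of a plugin file.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:[ \t]*(.*?)[ \t]*(?:\*/.*|\?>.*)?\r?$", re.I | re.M)
# Heuristic chosen for this example (assumption): WordPress user-creation functions.
USER_CALLS = (b"wp_create_user", b"wp_insert_user")


def audit_mu_plugins(wp_root, known_good):
    """List every PHP file in wp-content/mu-plugins; known_good maps name -> SHA-256."""
    findings = []
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"
    if not mu_dir.is_dir():
        return findings
    for path in sorted(mu_dir.glob("*.php")):
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        match = HEADER_RE.search(data[:8192])
        reasons = []
        if known_good.get(path.name) != digest:
            reasons.append("not in allowlist")  # unknown file or changed content
        if any(call in data for call in USER_CALLS):
            reasons.append("creates users")
        # The header is attacker-controlled text: report it, never trust it.
        name = match.group(1).decode(errors="replace") if match else None
        findings.append({"file": path.name, "claimed_name": name,
                         "sha256": digest, "reasons": reasons})
    return findings


def demo():
    """Constructed sample tree: one approved file and one unexpected file."""
    with tempfile.TemporaryDirectory() as root:
        mu = Path(root, "wp-content", "mu-plugins")
        mu.mkdir(parents=True)
        good = b"<?php\n/* Plugin Name: Site Tweaks */\n"
        (mu / "site-tweaks.php").write_bytes(good)
        (mu / "cache-addons.php").write_bytes(
            b"<?php\n/*\n * Plugin Name: WordPress Cache Addons\n */\nwp_insert_user($u);\n")
        allow = {"site-tweaks.php": hashlib.sha256(good).hexdigest()}
        return audit_mu_plugins(root, allow)


if __name__ == "__main__":
    for f in demo():
        print(f["file"], f["claimed_name"], f["reasons"] or "ok")
```

Comparing against a hash allowlist, rather than against the name in the file header, matters here because the header is exactly the part the fake plugin uses to look legitimate.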
Earlier research found that more than 90K WordPress sites are vulnerable due to a critical flaw.
