Malicious Plugin Injects Skimming Code, Threatens E-Commerce Data

E-commerce businesses built on WordPress platforms are on high alert following the discovery of a malicious plugin designed to steal customer credit card information. Security researchers at Sucuri identified a fraudulent plugin masquerading as "WordPress Cache Addons" that injects skimming code into the checkout process of compromised websites.

This Magecart campaign, a type of cyberattack targeting online payment data, leverages the plugin's ability to create hidden administrator accounts, granting attackers persistent access to manipulate website functionalities. Once installed, the plugin discreetly replicates itself within a hard-to-detect directory, further complicating removal efforts.

"Deceptive plugins often contain misleading information to appear legitimate," explained Sucuri security researcher Ben Martin. "In this case, the comments within the code claim it to be 'WordPress Cache Addons.'" This cloak of legitimacy allows the plugin to bypass initial scrutiny and establish a foothold within the system.

The stolen credit card data is then exfiltrated to a server controlled by the attackers. The report by Sucuri highlights the plugin's capability to not only steal information but also create administrator accounts, potentially granting the attackers long-term control over the compromised website. This extended access allows them to manipulate various aspects of the site, including product listings, promotions, and even customer data.

While the specific details of the malicious plugin remain undisclosed to prevent further misuse, the incident underscores the importance of vigilant security practices for WordPress-based e-commerce websites. Keeping plugins updated with the latest security patches and maintaining strong, unique administrator credentials are crucial steps in mitigating such attacks.

Security experts also recommend employing website security scanners to regularly monitor for vulnerabilities and malicious code injections. Additionally, implementing two-factor authentication for administrator accounts adds an extra layer of protection against unauthorized access attempts.
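The behaviours described above (an administrator account the site owner never created, a copy of the plugin dropped into a hidden directory, and obfuscated or user-creating PHP inside a plugin) can be checked for on a self-hosted site without a commercial scanner. The following Python script is an added example written for this page; it is not Sucuri's tooling and not code from the report. The directory layout, the plugin file contents and the user list are constructed fixtures, and the regular-expression indicators are hypothetical examples of what an auditor might look for, not signatures taken from the campaign.

```python
"""Added example: a baseline-and-anomaly audit for a WordPress install.
Covers three things a site owner can verify: unexpected administrator
accounts, PHP in hidden directories or with suspicious constructs, and
files added or changed since a known-good baseline. All data is constructed."""
import hashlib
import os
import re
import tempfile

# Hypothetical indicators. None proves malice on its own; each hit is reported
# as a reason so a human can review the file.
SUSPICIOUS_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "creates_user": re.compile(r"\bwp_insert_user\s*\("),
    "grants_admin": re.compile(r"set_role\s*\(\s*['\"]administrator['\"]"),
    "touches_checkout": re.compile(r"['\"]woocommerce_checkout\w*['\"]"),
}

# Constructed user export, shaped like rows joined from wp_users/wp_usermeta.
SAMPLE_USERS = [
    {"user_login": "owner", "role": "administrator"},
    {"user_login": "editor1", "role": "editor"},
    {"user_login": "wp-admin-backup", "role": "administrator"},  # not on the approved list
]


def find_unexpected_admins(users, known_admins):
    """Logins holding the administrator role that the owner did not approve."""
    return sorted(
        u["user_login"] for u in users
        if u["role"] == "administrator" and u["user_login"] not in known_admins
    )


def scan_php_tree(root):
    """Report PHP files under root that live in a dot-prefixed directory or
    contain any SUSPICIOUS_PATTERNS construct, keyed by relative path."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        hidden = any(p.startswith(".") for p in rel_dir.split(os.sep) if p != ".")
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            reasons = [label for label, rx in SUSPICIOUS_PATTERNS.items() if rx.search(source)]
            if hidden:
                reasons.insert(0, "hidden_directory")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def file_hashes(root):
    """SHA-256 of every file under root, keyed by relative path (the baseline)."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hashes[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def diff_baseline(before, after):
    """Paths added or changed since the baseline; a dropped plugin appears here
    even when its contents match none of the patterns."""
    return sorted(p for p, h in after.items() if before.get(p) != h)


def build_fixture():
    """Constructed sample site: a clean plugin is baselined, then a hidden copy
    of a plugin that creates a user and runs decoded code is added.
    Returns (site_root, baseline_hashes). Names are hypothetical."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    plugins = os.path.join(root, "wp-content", "plugins")
    os.makedirs(os.path.join(plugins, "legit-cache"))
    with open(os.path.join(plugins, "legit-cache", "legit-cache.php"), "w") as fh:
        fh.write("<?php\n/* Plugin Name: Legit Cache */\nadd_action('init', 'lc_warm');\n")
    baseline = file_hashes(root)  # taken while the site is known-good
    os.makedirs(os.path.join(plugins, ".cache-addons"))
    with open(os.path.join(plugins, ".cache-addons", "loader.php"), "w") as fh:
        fh.write("<?php\n/* Plugin Name: WordPress Cache Addons */\n"
                 "$u = wp_insert_user(array('user_login' => 'svc'));\n"
                 "(new WP_User($u))->set_role('administrator');\n"
                 "eval(base64_decode($payload));\n")
    return root, baseline


if __name__ == "__main__":
    site, base = build_fixture()
    print("unexpected admins:", find_unexpected_admins(SAMPLE_USERS, {"owner"}))
    print("suspicious PHP:", scan_php_tree(site))
    print("changed since baseline:", diff_baseline(base, file_hashes(site)))
```

Run it from a real install by replacing the fixture with the site root and an exported user list. Two points matter in practice: take the baseline from a backup or fresh install that is known to be clean, and store it off the host, since an attacker holding an administrator account can edit anything the web server can write.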