Server Side Credit Card Skimmer Lodged in Obscure Plugin

Attackers are increasingly using obscure methods to inject malware into websites, with a recent case involving the use of the obscure PHP snippet plugin, Dessky Snippets, to install server-side malware and harvest credit card details from a WooCommerce store. The incident was flagged by reports of stolen credit card information, prompting a deeper investigation by analyst Conrado Torquato. Attackers often exploit WordPress plugins that allow code manipulation, such as WordPress File Manager, WPCode, and Simple Custom CSS and JS. In this instance, the attackers leveraged Dessky Snippets, a rarely used plugin with only a few hundred active installations, to carry out their malicious activities.

Server Side Credit Card Skimmer Lodged in Obscure Plugin

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

Server Side Credit Card Skimmer Lodged in Obscure Plugin

22-May-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address