WordPress Plugin Exploits Websites to Steal Customer Payment Information

Home/BOTNET, Compromised, Exploitation, Internet Security, Security Advisory, Security Update/WordPress Plugin Exploits Websites to Steal Customer Payment Information

WordPress Plugin Exploits Websites to Steal Customer Payment Information

Cybercriminals created PhishWP, a malicious WordPress plugin, to mimic payment gateways like Stripe for phishing attacks on compromised sites.

PhishWP integrates with Telegram to steal real-time data, including credit card details and personal info. This helps attackers bypass security and execute fraudulent transactions.

PhishWP is a malicious WordPress plugin that steals user information during online transactions. It mimics real payment gateways to collect card details and 3DS codes. Integrated with Telegram, it sends stolen data to attackers.

Official advertisement for PhishWP

The plugin also profiles users and sends fake confirmation emails to trick victims. Its multi-language support and obfuscation options make it harder to detect and allow for widespread phishing attacks.

Example of the attacker’s view after a successful breach

According to SlashNext, an attacker uses PhishWP to set up a fake e-commerce site with discounted products that mimics Stripe payment pages, including 3DS authentication pop-ups.

When users unknowingly enter their payment and personal details, the plugin secretly sends this information, including one-time passwords, to the attacker’s Telegram account.

This allows the attacker to quickly carry out unauthorized transactions or sell the stolen data on the dark web, causing financial and reputational damage. Attackers can compromise WordPress sites by hacking existing ones or creating fake replicas.

PhishWP creates fake payment gateways, like Stripe, to trick victims into entering sensitive information. Targeted phishing campaigns lead users to these deceptive sites, where the plugin captures credit card details and security codes.

The stolen data is sent to the attacker via Telegram. Victims receive fake confirmation emails, while attackers exploit or sell the data on the dark web.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2025-01-13T22:55:40+05:30 January 7th, 2025|BOTNET, Compromised, Exploitation, Internet Security, Security Advisory, Security Update|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!