- Hackers are exploiting a critical flaw in the Funnel Builder plugin to inject credit card skimmers into checkout pages
- FunnelKit released a patched version, but more than half of active sites remain on older, vulnerable builds
- Stolen payment data is being monetized through dark web sales and fraudulent ad purchases
Hackers are exploiting a critical vulnerability in a popular WordPress plugin to steal credit card information from people making online purchases.
Security researchers Sansec said they recently spotted an active campaign targeting websites running the Funnel Builder plugin, which is apparently active on more than 40,000 ecommerce websites, letting businesses create sales funnels, landing pages, optimized checkout flows, upsells, and lead-generation campaigns, all without any coding.
Sansec found it carried a critical-severity vulnerability (no CVE yet), that allows threat actors to add malicious JavaScript snippets into WooCommerce checkout pages, without authentication. According to the researchers, someone used it to add a credit card skimmer capable of exfiltrating credit card numbers, CVVs, billing addresses, and other customer information.
Patching the flaw
We don’t know how many websites have been compromised this way, or how many people lost their credit card information to the hackers – however, the data they stole is all they need to make fraudulent purchases online.
In most cases, though, they just sell it on the dark web to the highest bidder. Usually cybercriminals use stolen cards to purchase ads on reputable ad networks and promote malware that can lead to ransomware infections.
Most of the ads for malware and infostealing landing pages seen on Google are paid for with stolen credit cards and through compromised Google Ads accounts.
Since then, FunnelKit (the company behind the plugin) addressed the issue and released a new version – 3.15.0.3. All users are advised to upgrade to this version and secure their websites immediately.
At press time, the official WordPress site shows 50.3% of all websites are running older versions of Funnel Builder, meaning at least 20,000 sites are directly exposed. The remaining 49.7% are shown as running version 3.15, so we don’t know how many have patched up. Therefore, number of websites at risk could possibly be even higher.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/PxxKy74xA4GapoubYuoRtK-2560-80.jpg
Source link
