- Hackers are exploiting a critical flaw in the Funnel Builder plugin to inject credit card skimmers into checkout pages.
- FunnelKit released a patched version, but more than half of active sites remain on older, vulnerable versions.
- Stolen payment data is monetized through dark web sales and fraudulent ad purchases.
Hackers are exploiting a critical vulnerability in a popular WordPress plugin to steal credit card information from people making online purchases.
Security researchers at Sansec said they recently detected an active campaign targeting websites running the Funnel Builder plugin. The plugin is apparently active on more than 40,000 e-commerce websites and lets businesses create sales funnels, landing pages, optimized checkout flows, upsells, and lead generation campaigns, all without any coding.
Sansec found that the plugin had a critical-severity vulnerability (no CVE yet) that allows unauthenticated threat actors to add malicious JavaScript snippets to WooCommerce checkout pages. According to the researchers, someone used it to add a credit card skimmer capable of leaking credit card numbers, CVVs, billing addresses and other customer information.
Patching the defect
We don’t know how many websites have been compromised this way, or how many people lost their credit card information to hackers. However, the data they stole is all they need to make fraudulent online purchases.
In most cases, though, they simply sell it on the dark web to the highest bidder. Cybercriminals typically use stolen cards to purchase ads on reputable ad networks and promote malware that can lead to ransomware infections.
Most malware ads and data-stealing landing pages seen on Google are paid for with stolen credit cards and through compromised Google Ads accounts.
FunnelKit (the company behind the plugin) has since fixed the issue and released a new version: 3.15.0.3. All users are advised to upgrade to this version and secure their websites immediately.
At the time of this publication, the official WordPress site shows that 50.3% of all websites with the plugin are running older versions of Funnel Builder, which means that at least 20,000 sites are directly exposed. The remaining 49.7% are shown as running version 3.15, so we don’t know how many of them have updated to the patched release. Therefore, the number of websites at risk could be even higher.
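As an added example (not from the article, Sansec or FunnelKit): a short Python check that classifies installed Funnel Builder versions against the patched 3.15.0.3 release and shows why a statistics bucket that reports only "3.15" cannot be classified. It assumes every release before 3.15.0.3 is affected; the hostnames, the inventory and the function names are constructed for illustration.

```python
import re

PATCHED = (3, 15, 0, 3)  # fixed release named in the article

def parse_version(text):
    """Turn '3.15.0.2' into (3, 15, 0, 2); reject non-numeric strings."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def classify_install(version):
    """Exact installed version string -> 'patched' or 'vulnerable'.
    Assumption: every release before PATCHED is affected."""
    v = parse_version(version)
    v += (0,) * (len(PATCHED) - len(v))  # an installed '3.15' means 3.15.0.0
    return "patched" if v >= PATCHED else "vulnerable"

def classify_bucket(bucket):
    """Version-branch bucket from a statistics page (e.g. only '3.15')."""
    b = parse_version(bucket)
    if len(b) >= len(PATCHED):
        return classify_install(bucket)
    prefix = PATCHED[:len(b)]
    if b < prefix:
        return "vulnerable"
    if b > prefix:
        return "patched"
    return "indeterminate"  # branch holds both fixed and unfixed builds

def audit(inventory):
    """Group (site, version) pairs; unparseable versions need manual review."""
    report = {"vulnerable": [], "patched": [], "review": []}
    for site, version in inventory:
        try:
            report[classify_install(version)].append(site)
        except ValueError:
            report["review"].append(site)
    return report

# Constructed sample inventory, e.g. collected from each site's plugin list.
SAMPLE = [
    ("shop-a.example", "3.15.0.3"),
    ("shop-b.example", "3.15.0.2"),
    ("shop-c.example", "3.14.1"),
    ("shop-d.example", "3.15"),
    ("shop-e.example", "unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("stats bucket 3.15:", classify_bucket("3.15"))
```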
Via BleepingComputer





