- Hackers are exploiting a critical flaw in the Funnel Builder plugin to inject credit card skimmers into payment pages
- FunnelKit released a patched version, but more than half of active sites remain on older, vulnerable builds
- Stolen payment data is monetized through sales on the dark web and fraudulent ad purchases
Hackers are exploiting a critical vulnerability in a popular WordPress plugin to steal credit card information from people making online purchases.
Security researchers at Sansec said they recently observed an active campaign targeting sites running the Funnel Builder plugin. The plugin is reportedly active on more than 40,000 e-commerce sites and lets businesses create sales funnels, landing pages, optimized payment flows, upsells and lead-generation campaigns, all without any coding.
Sansec found that it carried a critical-severity vulnerability (no CVE yet) that allows threat actors to add malicious JavaScript snippets to WooCommerce checkout pages without authentication. According to the researchers, someone used it to add a credit card skimmer capable of exfiltrating credit card numbers, CVVs, billing addresses and other customer information.
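Because the attack works by adding script tags to the checkout page, a site owner's most direct check is an integrity audit of exactly those tags. The following is an added example (not Sansec's or FunnelKit's code): it records a baseline of inline-script hashes from a checkout page verified to be clean, then flags any inline script not in that baseline and any external script loaded from a host outside an allowlist. The HTML pages, the allowlist (a first-party host plus a payment-provider host) and the host `cdn.example-skimmer.invalid` are all constructed for the example and are not indicators from the article.

```python
"""Integrity check for the scripts on a WooCommerce checkout page.

Added example (not Sansec's or FunnelKit's code). Two signals are checked:
external <script src> hosts outside an allowlist, and inline <script>
bodies whose SHA-256 is not in a baseline recorded from a known-clean page.
All HTML below is constructed; "cdn.example-skimmer.invalid" is a
placeholder, not an indicator from the article.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the site's own host plus the payment provider it actually uses.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.stripe.com"}


class ScriptCollector(HTMLParser):
    """Collect every <script> tag as {"src": str | None, "body": str}."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.scripts.append({"src": dict(attrs).get("src"), "body": ""})
            self._in_script = True

    def handle_data(self, data):
        # HTMLParser delivers <script> contents through handle_data.
        if self._in_script and self.scripts:
            self.scripts[-1]["body"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False


def collect_scripts(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts


def _inline_hash(body):
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


def baseline_inline_hashes(clean_html):
    """Record the hashes of inline scripts from a page verified to be clean."""
    return {_inline_hash(s["body"]) for s in collect_scripts(clean_html)
            if not s["src"] and s["body"].strip()}


def audit_checkout_scripts(html, allowed_hosts, baseline):
    """Return (reason, detail) findings; an empty list means nothing changed."""
    findings = []
    for s in collect_scripts(html):
        if s["src"]:
            host = urlparse(s["src"]).hostname
            # Relative paths (host is None) are first-party and accepted.
            if host and host not in allowed_hosts:
                findings.append(("unexpected-external-script", s["src"]))
        elif s["body"].strip() and _inline_hash(s["body"]) not in baseline:
            findings.append(("unknown-inline-script", s["body"].strip()[:60]))
    return findings


# Constructed sample pages: a clean checkout and the same page with two injected tags.
CLEAN_CHECKOUT = """<html><head>
<script src="/wp-content/plugins/woocommerce/assets/js/frontend/checkout.min.js"></script>
<script src="https://js.stripe.com/v3/"></script>
<script>var wc_checkout_params = {"ajax_url": "/wp-admin/admin-ajax.php"};</script>
</head><body><form id="checkout"></form></body></html>"""

INJECTED_CHECKOUT = CLEAN_CHECKOUT.replace(
    "</head>",
    '<script src="https://cdn.example-skimmer.invalid/loader.js"></script>\n'
    "<script>/* constructed stand-in for an injected inline snippet */ var injected = 1;</script>\n"
    "</head>",
)

if __name__ == "__main__":
    baseline = baseline_inline_hashes(CLEAN_CHECKOUT)
    for reason, detail in audit_checkout_scripts(INJECTED_CHECKOUT, ALLOWED_SCRIPT_HOSTS, baseline):
        print(reason, detail)
```

Run the audit against the live checkout page on a schedule and treat any finding as a reason to inspect the database and plugin files; the baseline must be refreshed after every legitimate theme or plugin update, otherwise the inline-script check will fire on benign changes.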
Fixing the flaw
We don’t know how many websites have been compromised this way, or how many people have lost their credit card information to the hackers – but the data they stole is all they need to make fraudulent purchases online.
In most cases, however, they simply sell it on the dark web to the highest bidder. Cybercriminals usually use stolen cards to buy ads on reputable ad networks and promote malware that can lead to ransomware infections.
Most ads for malware and info-stealing landing pages seen on Google are paid for with stolen credit cards and through compromised Google Ads accounts.
Since then, FunnelKit (the company behind the plugin) has addressed the issue and released a new version – 3.15.0.3. All users are advised to upgrade to this version and secure their websites immediately.
At press time, the official WordPress site shows that 50.3% of all sites are running older versions of Funnel Builder, meaning at least 20,000 sites are directly exposed. The remaining 49.7% are shown as running version 3.15, so we don’t know how many have patched. Therefore, the number of websites at risk may be even higher.
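The article's point that the WordPress statistics only show "3.15" rather than "3.15.0.3" is exactly the kind of ambiguity a version check has to handle. The following is an added example, not FunnelKit's code: it reads the `Version:` field from a standard WordPress plugin header, compares it with the patched release named in the article (3.15.0.3), and pads shorter version strings with zeros so that a bare "3.15" is treated as older than the fix rather than equal to it. The plugin header text is constructed, and the file path is a placeholder.

```python
"""Check a Funnel Builder install against the patched release named in the article.

Added example; this is not FunnelKit's code. The fixed version 3.15.0.3 is
from the article; the plugin header text below is constructed in the standard
WordPress plugin-header format, and the file path is a placeholder.
"""
import re

FIXED_VERSION = "3.15.0.3"


def parse_version(text):
    """'3.15.0.3' -> (3, 15, 0, 3). Non-numeric suffixes (e.g. '-beta') are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def compare_versions(a, b):
    """Return -1, 0 or 1. Shorter tuples are padded with zeros, so
    '3.15' compares as 3.15.0.0, i.e. older than 3.15.0.3."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_patched(installed, fixed=FIXED_VERSION):
    return compare_versions(installed, fixed) >= 0


def plugin_version_from_header(php_source):
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([^\s]+)", php_source, re.MULTILINE)
    return m.group(1) if m else None


# Constructed plugin header, as it would appear at the top of the plugin's main PHP file.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: Funnel Builder
 * Version: 3.15.0.1
 */
"""


def check_install(php_source, fixed=FIXED_VERSION):
    """Return (installed_version, patched_flag) for a plugin main file's contents."""
    installed = plugin_version_from_header(php_source)
    if installed is None:
        return None, False
    return installed, is_patched(installed, fixed)


if __name__ == "__main__":
    # Placeholder: read the real plugin main file from wp-content/plugins/<plugin-dir>/ on the site being checked.
    installed, ok = check_install(SAMPLE_PLUGIN_HEADER)
    print(f"installed {installed}: {'patched' if ok else 'UPGRADE to ' + FIXED_VERSION}")
```

Feeding the plugin's main PHP file to `check_install` gives a definitive answer for one site; the zero-padding rule is what keeps a truncated "3.15" from being miscounted as patched.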
Via Bleeping Computer
