- Hackers exploit a critical flaw in the Funnel Builder plugin to inject credit card skimmers into payment pages.
- FunnelKit released a patched version, but more than half of active sites remain on older, vulnerable versions.
- Stolen payment data is monetized through dark web sales and fraudulent ad buys.
Hackers are exploiting a critical vulnerability in a popular WordPress plugin to steal the credit card information of people making online purchases.
Security researchers at Sansec said they recently spotted an active campaign targeting websites running the Funnel Builder plugin. The plugin is apparently active on more than 40,000 e-commerce sites and lets businesses create sales funnels, landing pages, optimized checkout flows, upsells and lead generation campaigns without any coding.
Sansec discovered that the plugin has a critical-severity vulnerability (no CVE yet) that allows bad actors to add malicious JavaScript snippets to WooCommerce checkout pages without authentication. According to the researchers, someone used it to add a credit card skimmer that could exfiltrate credit card numbers, CVVs, billing addresses and other customer information.
Fix the flaw
We don’t know how many websites have been compromised this way, or how many people have lost their credit card information to hackers. However, the stolen data is all that is needed to make fraudulent purchases online.
In most cases, however, the attackers simply sell it on the dark web to the highest bidder. Stolen cards are also commonly used to buy advertisements on reputable ad networks and promote malware that can lead to ransomware infections.
Most malware ads and information-stealing landing pages seen on Google are paid for with stolen credit cards and through compromised Google Ads accounts.
Since then, FunnelKit (the company behind the plugin) has fixed the issue and released a new version – 3.15.0.3. All users are advised to upgrade to this version and secure their websites immediately.
As of press time, the official WordPress site shows that 50.3% of all websites are running older versions of Funnel Builder, meaning at least 20,000 sites are directly exposed. The remaining 49.7% are running some 3.15 release, which does not tell us how many of them are on the patched 3.15.0.3. Therefore, the number of at-risk websites could be even higher.
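The version split above is the point to check on your own install: a site reporting "3.15" is not necessarily on the fixed 3.15.0.3. The following added example (not code from the article, Sansec or FunnelKit) reads the `Version:` field from a WordPress plugin header and compares it against the fixed release; the plugin main file path `wp-content/plugins/funnel-builder/funnel-builder.php` is an assumption, so adjust it to your install.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Fixed release named in the article; anything lower is treated as exposed.
FIXED_VERSION = "3.15.0.3"

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.15.0.3' into (3, 15, 0, 3). Shorter strings such as '3.15'
    are padded with zeros so that '3.15' sorts below '3.15.0.3'."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (4 - len(parts)))

def plugin_version_from_header(php_source: str) -> Optional[str]:
    """Read the 'Version:' line of a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", php_source, re.MULTILINE)
    return m.group(1) if m else None

def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def check_install(wp_root: str,
                  # Assumed plugin main file path; verify it on your install.
                  main_file: str = "wp-content/plugins/funnel-builder/funnel-builder.php"
                  ) -> Optional[Tuple[str, bool]]:
    """Return (version, vulnerable) for a WordPress root, or None if not installed."""
    path = Path(wp_root) / main_file
    if not path.is_file():
        return None
    version = plugin_version_from_header(path.read_text(errors="replace"))
    if version is None:
        return None
    return version, is_vulnerable(version)

# Constructed header text, shaped like a real plugin file header.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Funnel Builder
 * Version: 3.15.0.2
 */
"""

if __name__ == "__main__":
    for v in ["3.14.9", "3.15", "3.15.0.2", "3.15.0.3", "3.15.1"]:
        print(v, "VULNERABLE" if is_vulnerable(v) else "patched")
    print(plugin_version_from_header(SAMPLE_HEADER))
```

Run `check_install("/var/www/html")` (or your document root) to get the installed version and a vulnerable flag; a `None` result means the plugin file was not found at the assumed path.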
Via BleepingComputer