WordPress Funnel Builder Plugin Misused to Hijack Credit Card Information

  • Hackers are exploiting a significant vulnerability within the Funnel Builder plugin to embed credit card skimmers in e-commerce checkout interfaces.
  • FunnelKit has issued a corrective update, yet over half of live sites continue to operate on outdated, susceptible versions.
  • The illicitly acquired payment details are being sold on the dark web and utilized for fraudulent advertisement transactions.

Cybercriminals are taking advantage of a grave security gap in a widely used WordPress plugin to pilfer credit card credentials from unsuspecting online shoppers.

Security analysts from Sansec disclosed that they have detected an active scheme targeting websites employing the Funnel Builder plugin, which reportedly supports over 40,000 e-commerce platforms.

This plugin enables businesses to build sales pipelines, landing pages, optimized checkout processes, upsells, and lead-generation strategies without coding expertise.

Sansec identified a critical vulnerability, still awaiting a specific CVE designation, which permits threat actors to insert malicious JavaScript fragments into WooCommerce checkout pages without any authentication barriers.

As reported by the researchers, this flaw has been exploited to integrate a credit card skimmer capable of harvesting credit card numbers, CVVs, billing addresses, and various customer data.

Addressing the Vulnerability

While the extent of compromised websites remains uncertain, the stolen data is sufficient for perpetrating fraudulent online transactions.

In many instances, stolen credentials are offloaded on the dark web to the highest bidder, with cybercriminals frequently utilizing these illicitly obtained cards for ad purchases on legitimate advertisement networks, thereby promoting malware that may lead to ransomware assaults.

Much of the malware and information-stealing advertisements observed on commercial platforms like Google are typically financed through pilfered credit cards and compromised Google Ads accounts.


FunnelKit (the developer of the plugin) has since resolved the issue and released an updated version, 3.15.0.3. All users are strongly urged to upgrade immediately to safeguard their websites.

As of the latest check, approximately 50.3% of sites using Funnel Builder are still running earlier builds, indicating that at least 20,000 sites remain vulnerable.

The remaining 49.7% are reported to be using version 3.15, but that figure does not show how many of them have reached the patched 3.15.0.3 release. The exact number of patched sites is therefore unclear, and the risk may be even greater.
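The version ambiguity described above can be checked across a fleet of sites. This is an added example, not code from the article, Sansec or FunnelKit: it assumes each site's plugin inventory is available as JSON in the shape produced by `wp plugin list --format=json`, and that the plugin's slug is `funnel-builder`. The host names and versions are constructed sample data.

```python
import json

PATCHED = (3, 15, 0, 3)    # fixed release named in the article
SLUG = "funnel-builder"    # assumed plugin slug; adjust to match your inventory

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'ambiguous' for a reported version."""
    try:
        v = tuple(int(part) for part in version_text.strip().split("."))
    except ValueError:
        return "ambiguous"  # non-numeric or empty version: verify by hand
    # A truncated report such as '3.15' is a prefix of the fixed release, so it
    # cannot tell 3.15.0.3 apart from any earlier 3.15 build.
    if len(v) < len(PATCHED) and v == PATCHED[:len(v)]:
        return "ambiguous"
    padded = v + (0,) * (len(PATCHED) - len(v))
    return "patched" if padded >= PATCHED else "vulnerable"

def triage(inventory):
    """Map each site that has the plugin installed to its patch status."""
    report = {}
    for site, plugins_json in inventory.items():
        for plugin in json.loads(plugins_json):
            if plugin.get("name") == SLUG:
                report[site] = classify(str(plugin.get("version", "")))
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "shop-a.example": '[{"name": "funnel-builder", "status": "active", "version": "3.14.2"}]',
    "shop-b.example": '[{"name": "funnel-builder", "status": "active", "version": "3.15.0.3"}]',
    "shop-c.example": '[{"name": "funnel-builder", "status": "active", "version": "3.15"}]',
    "shop-d.example": '[{"name": "woocommerce", "status": "active", "version": "9.0.0"}]',
}

if __name__ == "__main__":
    for site, status in sorted(triage(SAMPLE).items()):
        print(f"{site}: {status}")
```

Sites reported as `ambiguous` need the full four-part version read from the installation itself before they can be counted as patched.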

Source link: Techradar.com.


Reported By

Souvik Banerjee
