Summary: A malicious WordPress plug-in named PhishWP has been discovered on a Russian cybercrime forum, designed to turn legitimate e-commerce sites into phishing pages that impersonate trusted payment services. This malware effectively steals customer payment data by creating fake online payment processes that appear secure and familiar to users.
Threat Actor: Russian Cybercriminals | Russian Cybercriminals
Victim: Online Shoppers | Online Shoppers
Key Point :
- PhishWP mimics legitimate payment processes, tricking users into entering sensitive information.
- The plug-in captures data such as credit card numbers and CVVs, sending it to attackers via Telegram.
- It features OTP hijacking and customizable checkout pages to enhance deception.
- Browser profiling collects additional data for future fraud, including IP addresses and user agents.
- Malicious auto-response emails provide fake order confirmations to delay detection.
- PhishWP supports multiple languages, allowing global targeting of victims.
- SlashNext recommends browser-based phishing protection to combat such threats effectively.