Highly-convincing phishing pages impersonating Stripe and other payment services have been created using the novel PhishWP WordPress plugin and have spread across Russian cybercrime forums, SC Media reports.
Aside from intercepting credit card information, the PhishWP Phishing-as-a-Service tool has also allowed for the compromise of one-time passwords for 3D Secure authentication and other browser details.
They are then exfiltrated in real-time to a Telegram chat, explained Jason Soroko, senior fellow at Sectigo. Soroko said threat actors could also facilitate SEO poisoning attacks to promote WordPress sites with bogus product listings created through PhishWP.
"This immediate forwarding of information equips cybercriminals with the necessary credentials to make fraudulent purchases or resell the stolen data — sometimes within minutes of capturing it," said Soroko.
The PhishWP story comes amid persistent targeting of WordPress sites through malicious or vulnerable plugins, as well as the mounting use of fake product listings to exfiltrate credit card information as reported In October 2024 by HUMAN'S Satori Threat Intelligence and Research team.
