Cybersecurity researchers have uncovered a malicious WordPress plugin called PhishWP that transforms legitimate websites into tools for phishing scams. This plugin allows attackers to set up fake payment pages mimicking trusted services like Stripe, tricking users into divulging sensitive details, including credit card numbers, expiration dates, billing information, and even one-time passwords (OTPs) used for secure transactions.
How PhishWP Works
PhishWP works by setting up fake WordPress sites or hacking into legitimate ones. It then generates phishing checkout pages that closely mimic real payment interfaces. Victims receive this interface with false site addresses, where they enter sensitive financial information, including security codes and OTPs.
The stolen data is sent to attackers in real time because the plugin integrates with Telegram. Therefore, attackers can use or sell the information almost immediately. The browser details captured by PhishWP include IP addresses and screen resolutions, which attackers can use for future fraudulent activities.
Key Features
What has made the phishing plugin more advanced is that it ensures operations are seamless and almost undetectable.
Realistic Payment Interfaces: The plugin mimics the appearance of trusted services like Stripe.
3D Secure Code Theft: It fetches the OTP sent to everyone in the verification processes to successfully process fraudulent transactions.
Real-time Data Transfer: Telegram is used to send stolen information to attackers in real time.
Customizable and Worldwide: Multi-language support and obfuscation features enable phishing attacks across the globe.
Fake Confirmations: Victims receive fake emails that confirm purchases, which delays the suspicion.
Step-by-Step Analysis
1. Setup: Attackers either hack a legitimate WordPress site or create a fake one.
2. Deceptive Checkout: PhishWP personalizes payment pages to resemble actual processors.
3. Data Theft: Victims unknowingly provide sensitive information, including OTPs.
4. Exploitation: The stolen data is immediately sent to attackers, who use it for unauthorized transactions or sell it on dark web markets.
How to Protect Yourself
To avoid falling victim to threats like PhishWP:
1. Verify website authenticity before entering payment details.
2. Look for secure connections (HTTPS) and valid security certificates.
3. Use advanced tools like SlashNext’s Browser Phishing Protection, which blocks malicious URLs and identifies phishing attempts in real time.
Protecting your personal and financial data begins with understanding how cyberattacks work, don’t let hackers take the upper hand.
