WooCommerce users subjected to widespread fake security phishing campaign
Popular e-commerce platform WooCommerce had its users targeted with malware spread via bogus security alerts as part of a far-reaching phishing campaign, Security Affairs reports. Attacks commence with the delivery of malicious emails warning about a critical "unauthenticated administrative access" WooCommerce vulnerability with a download link that redirected to a fake WooCommerce Marketplace page, according to a Patchstack analysis. Execution of the fraudulent patch from woocommrce[.]com led to the subsequent use of WordPress hooks and creation of concealed administrators for stealth, as well as the deployment of numerous obfuscated PHP web shells that allowed total server compromise for ad injections, billing data theft, and ransomware and distributed denial-of-service intrusions. "As this phishing campaign is discovered and the community is made aware, it is likely for some or all of these indicators to change. New versions of this campaign are likely to appear as domains get flagged by hosts, registrars and security services." said the report.
