Summary: Cybersecurity experts warn of a phishing campaign aimed at WooCommerce users, tricking them into downloading a backdoor disguised as a crucial security patch. This campaign resembles a previous attack from December 2023 and employs deceptive tactics to compromise vulnerable systems. Victims unwittingly grant remote access to attackers, enabling various malicious activities on their websites.
Affected: WooCommerce users and websites
Keypoints :
- Phishing emails claim a non-existent vulnerability, urging users to visit a malicious site.
- A spoofed website is designed to resemble the official WooCommerce page, using an IDN homograph attack.
- Installing the fake patch leads to the creation of unauthorized administrator accounts and communication with external servers.
- Attackers gain remote control, allowing for activities such as injecting spam, redirecting visitors, and engaging in extortion.
- Users should scan for suspicious plugins and ensure their software is updated to mitigate risks.
Source: https://thehackernews.com/2025/04/woocommerce-users-targeted-by-fake.html