Summary: A malicious PyPI package named ‘disgrasya’ has exploited WooCommerce stores to validate stolen credit cards, achieving over 34,000 downloads before its removal. The script collects data from legitimate sites, simulates the checkout process, and sends card information to the attackers’ server for validation. The incident highlights the risks associated with open-source package distribution and the sophisticated tactics employed by cybercriminals.
Affected: WooCommerce stores using CyberSource payment gateway
Key points:
- Package ‘disgrasya’ targeted WooCommerce stores specifically, leveraging legitimate functionalities for illicit activities.
- The script automates the validation process for stolen credit cards, making it difficult for fraud detection systems to identify attacks.
- Socket researchers recommend measures like blocking low-value orders and enhancing checkout with CAPTCHA to mitigate these threats.
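
One way a store operator could surface the low-value card-testing pattern described above, as an added example that is not from the article or from Socket: it scans checkout attempts and flags any source that submits several different cards on low-value orders within a short window, making it a candidate for a CAPTCHA challenge or a block. The record layout, the card fingerprint field and all thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values, not taken from the article.
LOW_VALUE_LIMIT = 5.00           # totals at or below this count as "low value"
WINDOW = timedelta(minutes=10)   # sliding window kept per source address
MAX_DISTINCT_CARDS = 3           # distinct cards tolerated inside one window

# Constructed sample attempts: (ISO timestamp, source IP, order total, card fingerprint)
SAMPLE_ATTEMPTS = [
    ("2025-01-01T10:00:00", "203.0.113.7", 1.00, "fp-a"),
    ("2025-01-01T10:01:10", "203.0.113.7", 1.00, "fp-b"),
    ("2025-01-01T10:02:05", "198.51.100.4", 64.90, "fp-z"),
    ("2025-01-01T10:02:30", "203.0.113.7", 1.00, "fp-c"),
    ("2025-01-01T10:03:45", "203.0.113.7", 1.00, "fp-d"),
    ("2025-01-01T10:30:00", "192.0.2.15", 2.50, "fp-q"),
    ("2025-01-01T11:45:00", "192.0.2.15", 2.50, "fp-q"),
]


def flag_card_testing(attempts):
    """Return {source: timestamp of the attempt that first exceeded the limit}."""
    recent = defaultdict(deque)  # source -> (time, fingerprint) of low-value attempts
    flagged = {}
    for ts, source, total, card_fp in sorted(attempts):
        if total > LOW_VALUE_LIMIT:
            continue  # ordinary-sized orders are out of scope for this check
        now = datetime.fromisoformat(ts)
        window = recent[source]
        window.append((now, card_fp))
        # Drop attempts that have aged out of the sliding window.
        while now - window[0][0] > WINDOW:
            window.popleft()
        distinct_cards = {fp for _, fp in window}
        if len(distinct_cards) > MAX_DISTINCT_CARDS and source not in flagged:
            flagged[source] = ts
    return flagged


if __name__ == "__main__":
    for source, first_seen in flag_card_testing(SAMPLE_ATTEMPTS).items():
        print(f"{source}: challenge or block, limit exceeded at {first_seen}")
```

A repeat customer reusing one card on small orders (the `192.0.2.15` rows) is not flagged, because the check counts distinct cards rather than raw order volume.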