According to SlashNext findings, PhishWP employs advanced tactics, such as stealing the OTP sent during a 3D Secure (3DS) check. By capturing this code, attackers can impersonate users, making their fraudulent transactions appear legitimate.
“With the OTP in hand, cybercriminals bypass one of the most critical safeguards in digital transactions, making their fraudulent activities look alarmingly legitimate to both banks and unwitting shoppers,” Soroko said. “Many people have been trained to believe that one-time passcodes (OTP) help a system to be more secure, but in this case, they are merely handing over the keys to their adversary.”
Other key features offered with the plugin include customizable checkout pages, auto-response emails, multi-language support, and obfuscation options.
_Yury_Zap_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop&w=332&resize=332,0&ssl=1 "Veracode Buys Package Analysis Technology From Phylum")
_Yury_Zap_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop&w=688&resize=688,387&ssl=1 "Veracode Buys Package Analysis Technology From Phylum")
