Inside FluxPanel How Phishing Enables Real-Time Ecommerce Checkout Hijacks

While online shoppers think they’re safely completing purchases on legitimate ecommerce sites, cybercriminals are watching every keystroke, capturing credit cards and personal data in real time through a sophisticated new phishing-as-a-service kit called FluxPanel.

Recently surfaced by Abnormal AI researchers, FluxPanel turns legitimate WordPress stores into live data theft operations. It combines a malicious plugin with a centralized attacker dashboard, making it easy to embed into ecommerce sites without detection.

Unlike traditional phishing pages that redirect victims to fake sites, FluxPanel, which has been advertised on dark web forums by a user known as “hologram,” operates directly within compromised stores’ checkout flows, blurring the line between legitimate transactions and theft. Its focus on ecommerce, combined with support for advanced 3D Secure features, makes it a serious threat to online retailers.

To read the complete article see: https://abnormal.ai/blog/fluxpanel-phishing-ecommerce-checkout-hijacks