Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the sale of unauthorized administrative and database access to a WordPress-powered e-commerce shop based in Israel.
Brinztech Analysis: This listing represents a live, active financial compromise.
- The Target: An active Israeli online store with substantial traffic (160+ orders in Oct, 180+ in Nov 2025).
- The “Smoking Gun”: The seller explicitly mentions “Credit Card Redirect Taranzila.”
- Taranzila is a major Israeli payment gateway service provider.
- The Attack: This phrasing strongly suggests the attacker has modified the store’s payment plugin (likely WooCommerce Tranzila Gateway) to execute a malicious redirect. Instead of sending the customer to the legitimate, secure Taranzila payment page, the compromised site redirects them to a phishing page controlled by the attacker that looks like Taranzila.
- The Context: This falls under the umbrella of Magecart / Digital Skimming attacks. Vulnerabilities in WordPress payment plugins (like the critical PHP Object Injection flaws found in Tranzila plugins in previous years) are a common vector for this type of takeover.
Key Cybersecurity Insights
This alleged access sale presents a critical and immediate threat to Israeli e-commerce:
- Direct Financial Threat (Magecart/Phishing): The “Redirect” capability allows the attacker to harvest full credit card numbers (PAN + CVV) in real-time. Since the victim believes they are paying via a trusted gateway, the success rate of this fraud is extremely high.
- WordPress Vulnerability Exploitation: The incident underscores the persistent security risks associated with WordPress installations. Unpatched plugins (especially regional payment gateways) are frequent targets for Initial Access Brokers (IABs) who then sell the access to carding groups.
- Persistent Unauthorized Access: The offering specifies access for an extended period (October and November), indicating the attacker has maintained persistence (likely via a web shell or a rogue admin account) for months without detection.
- Data Breach (PII): Beyond credit cards, the administrative access grants full visibility into the customer database (names, addresses, phone numbers, order history), exposing the shop to severe penalties under Israeli privacy laws.
Mitigation Strategies
In response to this claim, the shop owner and all Israeli merchants using Taranzila/WordPress must take immediate action:
- Check Payment Flows (Critical): Immediately attempt a test purchase on your site. Verify the URL of the payment page carefully. Does it redirect to the legitimate taranzila.co.il domain, or to a look-alike phishing site?
- Plugin Audit & Patching: Update the WooCommerce Tranzila Gateway plugin immediately. If you are using an older or custom version, disable it until a security audit is performed.
- Immediate Credential Rotation: Force a password reset for all WordPress administrators and database users. Check the “Users” list for any unknown accounts created in October or November.
- Forensic Analysis: Scan the wp-content/plugins directory for modified PHP or JavaScript files. Look for unauthorized code injections in the header.php or footer.php files of your active theme.
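The file-level side of the forensic step above, as an added example that is not part of the original post or of any Brinztech tooling: it walks a WordPress tree, flags PHP/JS files whose redirect sinks (wp_redirect, Location headers, window.location, form actions) point at a host outside an allowlist of legitimate gateway hosts, and flags common obfuscation wrappers and files changed after a baseline timestamp. The gateway host gateway.example, the plugin directory name and both fixture files are constructed for the demo; substitute your real gateway domain and wp-content path.

```python
import re
import tempfile
from pathlib import Path

# Redirect sinks in PHP/JS followed by an absolute URL; the group captures the host.
REDIRECT_RE = re.compile(
    r"(?:wp_redirect|wp_safe_redirect|Location:|window\.location(?:\.href)?\s*=|action\s*=)"
    r"[^;\n>]*?https?://([A-Za-z0-9.-]+)", re.I)
# Wrappers commonly used to hide injected code in plugin or theme files.
OBFUSCATION_RE = re.compile(r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def audit_tree(root, allowed_hosts, modified_since=None):
    """Return {relative_path: [reasons]} for .php/.js files under root that redirect to a
    host outside allowed_hosts, use obfuscation wrappers, or changed after modified_since."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in (".php", ".js"):
            continue
        text = path.read_text(errors="replace")
        # Subdomains of an allowlisted gateway host (e.g. pay.gateway.example) are fine.
        reasons = [f"redirect to non-allowlisted host: {h}"
                   for h in sorted({m.lower() for m in REDIRECT_RE.findall(text)})
                   if not any(h == a or h.endswith("." + a) for a in allowed)]
        if OBFUSCATION_RE.search(text):
            reasons.append("obfuscation wrapper (eval/base64_decode/gzinflate/str_rot13)")
        if modified_since is not None and path.stat().st_mtime > modified_since:
            reasons.append("modified after baseline timestamp")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample_tree(root):
    """Constructed fixtures: a clean gateway plugin file and a tampered copy of it."""
    plugins = Path(root) / "wp-content" / "plugins" / "gateway-plugin"
    plugins.mkdir(parents=True)
    (plugins / "gateway.php").write_text(
        "<?php\nwp_redirect('https://pay.gateway.example/checkout?tx=' . $tx);\n")
    (plugins / "gateway-tampered.php").write_text(
        "<?php\nwp_redirect('https://pay.gateway-example.lookalike.example/checkout');\n"
        "eval(base64_decode($payload));\n")
    return root

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_tree(build_sample_tree(tmp), ["gateway.example"])

if __name__ == "__main__":
    for path, reasons in run_demo().items():
        print(path, "->", "; ".join(reasons))
```

Only the tampered file is reported; the clean file redirects to a subdomain of the allowlisted gateway and carries no obfuscation wrapper.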
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com