Thousands of WordPress websites hit in new malware attack, here’s what we know

Security researchers find more than 5,000 websites carrying a piece of malicious code
The malware installs a plugin that steals login credentials and sensitive data
The researchers recommended a number of mitigation measures

Thousands of WordPress websites were observed running malware able to create a rogue admin account and exfiltrated sensitive data through malicious plugins.

A new report from security researcher Himanshu Anand from c/side claims said at least 5,000 WordPress websites were found hosting a malicious script that creates an unauthorized admin account with a username and password that can be found in the code.

After creating the account, the script will download a malicious WordPress plugin, and run it. The plugin, which wasn’t named, is tasked with exfiltrating sensitive data to a remote server. The data being pulled includes admin credentials and operation statuses, it was added.

How to defend

The researchers could not determine exactly how the malicious code ended up on these websites.

“So far, we haven’t identified a common denominator, and our investigation is ongoing,” Anand said.

Those interested in double-checking if their website is secure or not should visit one of these websites, the researcher advised:

– PublicWWW.com
– URLScan.io

To defend against the attacks, c/side recommends blocking the domain https://wp3[.]xyz in firewalls or security tools, auditing WordPress admin accounts for unauthorized users, removing suspicious plugins and validating existing ones, and strengthening CSRF protections and implementing multi-factor authentication (MFA). Ultimately, they recommend using c/side’s services, too.

Being the most popular website builder on the planet, WordPress is constantly being targeted by threat actors. However, since the platform is secure for the post part, attackers are focused on third-party plugins and themes, especially free-to-use ones, which often don’t have the right software support.

As a general rule of thumb, businesses should only use plugins and themes from reputable sources and with a strong supporting community. They should also make sure to uninstall any plugins they are not using, and to keep the remaining ones up to date.

https://cdn.mos.cms.futurecdn.net/4dB7zyRNSR7f8BCMoB3JqQ-1200-80.jpg

Source link

PNY PRO Elite V3 Flash Drive review

GMKtec NucBox M5 Plus mini PC review

This software may finally kill Windows on desktops for good, and I think Apple should buy it now

Ugreen 40Gbps M.2 Enclosure review

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Thousands of WordPress websites hit in new malware attack, here’s what we know

PNY PRO Elite V3 Flash Drive review

GMKtec NucBox M5 Plus mini PC review

This software may finally kill Windows on desktops for good, and I think Apple should buy it now

Ugreen 40Gbps M.2 Enclosure review

Leave a reply Cancel reply