1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Thousands of WordPress websites hit in new malware attack, here's

    From TechnologyDaily@1337:1/100 to All on Wed Jan 15 17:15:04 2025
    Thousands of WordPress websites hit in new malware attack, here's what we know

    Date:
    Wed, 15 Jan 2025 17:02:00 +0000

    Description:
    The malware exfiltrates sensitive data from compromised WordPress websites.

    FULL STORY ======================================================================Security
    researchers find more than 5,000 websites carrying a piece of malicious code The malware installs a plugin that steals login credentials and sensitive
    data The researchers recommended a number of mitigation measures

    Thousands of WordPress websites were observed running malware able to create
    a rogue admin account and exfiltrated sensitive data through malicious plugins.

    A new report from security researcher Himanshu Anand from c/side claims said at least 5,000 WordPress websites were found hosting a malicious script that creates an unauthorized admin account with a username and password that can
    be found in the code.

    After creating the account, the script will download a malicious WordPress plugin, and run it. The plugin, which wasnt named, is tasked with
    exfiltrating sensitive data to a remote server. The data being pulled
    includes admin credentials and operation statuses, it was added. How to
    defend

    The researchers could not determine exactly how the malicious code ended up
    on these websites.

    So far, we haven't identified a common denominator, and our investigation is ongoing, Anand said.

    Those interested in double-checking if their website is secure or not should visit one of these websites, the researcher advised:

    - PublicWWW.com
    - URLScan.io

    To defend against the attacks, c/side recommends blocking the domain https://wp3[.]xyz in firewalls or security tools, auditing WordPress admin accounts for unauthorized users, removing suspicious plugins and validating existing ones, and strengthening CSRF protections and implementing multi-factor authentication (MFA). Ultimately, they recommend using c/sides services, too.

    Being the most popular website builder on the planet, WordPress is constantly being targeted by threat actors. However, since the platform is secure for
    the post part, attackers are focused on third-party plugins and themes, especially free-to-use ones, which often dont have the right software
    support.

    As a general rule of thumb, businesses should only use plugins and themes
    from reputable sources and with a strong supporting community. They should also make sure to uninstall any plugins they are not using, and to keep the remaining ones up to date. You might also like Millions of WordPress sites could be at risk from "one of the most serious" plugin flaws ever found
    Here's a list of the best antivirus tools on offer These are the best
    endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-wordpress-websites-hit-in- new-malware-attack-heres-what-we-know


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)