WordPress websites are being hacked to hijack your browser and then attack other sites

Date:
Thu, 07 Mar 2024 18:40:47 +0000

Description:
Hackers are building a base of compromised WordPress websites from which they could launch bigger campaigns.

FULL STORY ======================================================================

Cybercriminals are using compromised WordPress websites to form a huge army for credential stuffing attacks, experts have warned.

A report from cybersecurity researchers Sucuri spotted the campaign, and believe they know what its goal is - namely looking for vulnerable sites from the website builder , where they can install a small script in the HTML templates. That script forces the website visitors computer to visit a different WordPress website (in the background, unbeknownst to the victim)
and try to log in using different username and password combinations.

Once the victim cracks the login code, they would, still unaware, relay that information back to the attackers, and receive further instructions (another website to crack). Building a base

Citing information from the HTML source code search engine, PublicHTML, BleepingComputer reported that there are currently more than 1,700 websites hosting this script, providing a massive pool of users who will be
unwittingly conscripted into this distributed bruteforce army. Among the victims, the publication further reports, is the website of Ecuadors Association of Private Banks.

Sucuri says its been tracking this threat actor in the past. Until now, the group used the same technique for a different purpose - to install the AngelDrainer malware . AngelDrainer is a piece of code that, as the name suggests, drains all of the funds a victim may have in their cryptocurrency wallets. To do that, the victim needs to connect their wallet (such as the MetaMask wallet, for example) to a crypto service. The group even built their own fake Web3 websites to get people to connect their wallets.

The researchers arent certain why the group decided to pivot into credential stuffing. One explanation is that theyre building a bigger base of
compromised sites that can then be used to launch more destructive attacks - such as wallet draining campaigns.

"Most likely, they realized that at their scale of infection (~1000 compromised sites) the crypto drainers are not very profitable yet," Sucuri concluded.

"Moreover, they draw too much attention and their domains get blocked pretty quickly. So, it appears reasonable to switch the payload with something stealthier, that at the same time can help increase their portfolio of compromised sites for future waves of infections that they will be able to monetize in one way or another." More from TechRadar Pro Attack on Ledger crypto wallet leads to huge money thefts Here's a list of the best WordPress hosting services around today These are the best endpoint security tools
right now



======================================================================
Link to news story: https://www.techradar.com/pro/security/wordpress-websites-are-being-hacked-to- hijack-your-browser-and-then-attack-other-sites


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)