About 2,000 sites on the WordPress again attacked by hackers

About 2,000 sites on the WordPress again attacked by hackers

Researchers at security firm Sucuri recently discovered that hackers broke into about 2000 websites on WordPress, to steal the credentials of taxpayers for mining cryptocurrency.

WordPress is one of the most popular content management systems (CMS), providing work for more than 25 percent of the web sites on the Internet, and that means a huge number of sites may be under threat.

What do we know about the attacks

According to the statement Sucuri, hackers infect all JavaScript files on the host, introducing them encrypted malicious code. If multiple sites are placed on hosting under one account WordPress is infected they all will be; this technique is called cross-site contamination.

Users simply go to the site with the built in miner. Then, using the computational power of the computer processor will generate cryptocurrency for fraudsters.

Using this method, the attackers were able to infect the target page websites with Keylogger, malware, fixing what characters were typed by the user. This information is fed to the criminals ‘ server that allows hackers to steal all the data entered in the contact forms of the website, including the credentials of the administrator and other users.

Separately, hackers had infected the WordPress interface using CoinHive, which offers site owners to convert the CPU power of visitors to the Monero cryptocurrency. If your site is infected, visitors will feel the sudden slowing down of their computers and smartphones. Also cryptocurrency mining quickly sits down battery gadget.

Who suffered?

Sucuri not told how the attackers were able to infect websites. But such attacks usually occur on sites running on older versions of WordPress (the current version is 4.9.2) or containing unsafe plugins. On the official WordPress site hosted over 50,000 plugins, and thousands of others can be purchased from third-party sources. These plugins are mostly very vulnerable.

In December 2017 Sucuri has documented a similar attack that affected more than 5,500 websites. The domain that was infected, has long been disabled. However, as noted by researchers from Sucuri, there are still many websites that are unable to adequately protect themselves after the initial infection. Future attacks can infect more websites.

How to protect yourself

First, make sure that You have the latest version of the engine and plugins. Web sites hosted on WordPress.com are automatically updated. If You are using another hosting, WordPress will alert you that a new version is available.

The updates will protect You from future attacks. Ensure that your WordPress version has not been infected You should scan the core files and database table for suspicious modifications and return them to the original version.

You can also install the browser extension NoCoin, which will prevent illegal use of the resources of Your CPU.

Let's Disqus