Notorious Malware Contaminated More Than 2,000 WordPress Sites

The internet is flooded with hacking news all over again. Hackers are not going to settle for less it seems and this time WordPress is the HVT.

Recently, Security researchers of a cybersecurity company, Sucuri have discovered over 2,000 (possibly more) WordPress sites infected with a piece of crypto-mining malware that was being uploaded on the WordPress’s backend login page. The malware not only flicks resources of visitors' computers to mine digital currencies but also acts as a keylogger to get hold of all the user’s keystrokes.

The nasty in-browser cryptocurrency miner is from CoinHive, a popular browser-based service. CoinHive offers website owners to embed a JavaScript to utilize CPUs power of their website visitors in an effort to mine the Monero cryptocurrency.

There was a similar kind of campaign that took place back in December 2017 infecting nearly 5,500 WordPress Sites and according to the researchers, the culprits behind this hack are the same who infected WordPress in early December 2017 using keylogger/cryptocurrency malware called cloudflare[.]solutions.

Discovered last year, cloudflare[.]solutions is a notorious crypto-mining malware that does not have any link with Cloudflare, a network management and cybersecurity firm. The malware got the name cloudflare[.]solutions because it initially used the Cloudflare’s domain to spread the malware. The cloudflare[.]solutions’ domain was taken down but that was not the end of the malware campaign. The attackers immediately registered a number of new domains including cdjs[.]online, cdns[.]ws , and msdns[.]online.

So, if your website is also one of the compromised sites then it is high time to remove the malicious code from theme's functions.php and scan wp_posts table for any possible injection. Also, all the users are advised to change all WordPress passwords and update all the server software including the third-party themes and plugins.