Security researchers recently reported the discovery of a massive Monero-mining campaign targeting WordPress sites. According to reports, more than 4500 WordPress sites were compromised in the malicious cryptocurrency-mining campaign. The hackers used a wide array of techniques to exploit vulnerable WordPress sites, including social engineering, website exploitation and more. The compromised sites were embedded with a malicious script that mined the Monero cryptocurrency and sent it to the hackers’ address.
The malicious activity was first noticed by security researchers at Sucuri, who tracked the activities of the hackers. According to them, the hackers used social engineering techniques to inject malicious code into vulnerable WordPress sites. They also discovered that a file known as “wp-vcd.php” was present in some of the compromised sites. This file was a well-known malicious mining script that had been customized to run Monero mining operations.
The hackers also used various website exploitation techniques to inject malicious code into vulnerable WordPress sites. They exploited a number of vulnerabilities in WordPress plugins, such as two-factor authentication, Google Analytics and others, which allowed them to inject their malicious files into the sites.
In addition to injecting malicious code, the hackers used other techniques to keep the compromise of the WordPress sites from being detected. They disabled the WordPress plugins that monitored the logs, and they added custom rules to the .htaccess file to prevent malicious requests from being blocked.
This Monero coin-mining campaign is a reminder that WordPress sites need to be properly secured and monitored. Security researchers recommend that WordPress site owners check their sites for any malicious files and scripts, as well as review their log files for any suspicious activity. They also strongly recommend installing security plugins to protect the sites from future attacks and malware. They advise site owners to keep their WordPress plugins and themes up to date, as well as perform regular security scans to ensure that their sites are not vulnerable to malicious activity.
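As a starting point for the file check recommended above, the following added example (not code from the researchers or from the original report) walks a WordPress document root, flags files named “wp-vcd.php”, and lists active .htaccess rules that sit outside the `# BEGIN WordPress` / `# END WordPress` block managed by WordPress core. The function names and the sample tree are constructed for illustration, and rules found outside the core block are candidates for manual review, since legitimate plugins also write to .htaccess.

```python
import os
import tempfile

# File name the article reports on compromised sites (only indicator it gives).
REPORTED_FILENAMES = {"wp-vcd.php"}

def rules_outside_core_block(text):
    """Active .htaccess lines outside the block WordPress core manages."""
    extra, in_core = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "# BEGIN WordPress":
            in_core = True
        elif line == "# END WordPress":
            in_core = False
        elif line and not line.startswith("#") and not in_core:
            extra.append(line)
    return extra

def scan_site(root):
    """Walk a WordPress document root; return findings for manual review."""
    findings = {"reported_files": [], "htaccess_extra_rules": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() in REPORTED_FILENAMES:
                findings["reported_files"].append(rel)
            elif name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    extra = rules_outside_core_block(fh.read())
                if extra:
                    findings["htaccess_extra_rules"][rel] = extra
    findings["reported_files"].sort()
    return findings

def build_constructed_site(root):
    """Constructed sample tree (not real site data) so the example runs offline."""
    theme = os.path.join(root, "wp-content", "themes", "sample")
    os.makedirs(theme)
    open(os.path.join(theme, "wp-vcd.php"), "w").close()  # empty stand-in file
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("# BEGIN WordPress\nRewriteEngine On\n# END WordPress\n"
                 "RewriteRule ^constructed-example$ - [L]\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_site(tmp)
        print(scan_site(tmp))
```

On a real site, pass the document root to `scan_site` and compare any reported .htaccess rules against what the installed plugins are expected to write.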
This Cyber News was published on thehackernews.com. Publication date: Thu, 26 Jan 2023 04:45:03 +0000