4500+ WordPress Sites Hacked with a Monero Cryptojacking Campaign

Security researchers recently reported the discovery of a massive Monero hacking campaign targeted at WordPress sites. According to reports, more than 4500 WordPress sites were compromised with a malicious cryptocurrency-mining campaign. The hackers used a wide array of techniques to exploit vulnerable WordPress sites, including social engineering, website exploitation and more. These compromised sites were embedded with a malicious script that mined the Monero cryptocurrency and sent it to the hackers’ address. The malicious activity was first noticed by security researchers at Sucuri, who tracked the activities of the hackers. According to them, the hackers used social engineering techniques to inject malicious code into vulnerable WordPress sites. They also discovered that a file known as “wp-vcd.php” was present in some of the compromised sites. This file was a well-known malicious mining script that had been customized to run Monero mining operations. The hackers also used various website exploitation techniques to inject malicious code into vulnerable WordPress sites. The hackers exploited a number of vulnerabilities in WordPress plugins, such as two-factor authentication, Google Analytics and others, which allowed the hackers to inject their malicious files into the sites. In addition to injecting malicious code, the hackers also used some other techniques to prevent the WordPress sites from being detected. They disabled the WordPress plugins that monitored the logs, as well as added custom rules to the .htaccess file to prevent malicious requests from being blocked. This Monero coin-mining campaign is a reminder that WordPress sites need to be properly secured and monitored. Security researchers recommend that WordPress site owners check their sites for any malicious files and scripts, as well as review their log files for any suspicious activity. They also strongly recommend installing security plugins to protect the sites from future attacks and malware. They advise site owners to keep their WordPress plugins and themes up to date, as well as perform regular security scans to ensure that their sites are not vulnerable to malicious activity.

This Cyber News was published on thehackernews.com. Publication date: Thu, 26 Jan 2023 04:45:03 +0000


Cyber News related to 4500+ WordPress Sites Hacked with a Monero Cryptojacking Campaign

4500+ WordPress Sites Hacked with a Monero Cryptojacking Campaign - Security researchers recently reported the discovery of a massive Monero hacking campaign targeted at WordPress sites. According to reports, more than 4500 WordPress sites were compromised with a malicious cryptocurrency-mining campaign. The hackers ...
1 year ago Thehackernews.com
Hacker spins up 1 million virtual servers to illegally mine crypto - A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. As announced today by Europol, the suspect is believed to be the mastermind behind a ...
10 months ago Bleepingcomputer.com
CVE-2018-0155 - A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd ...
4 years ago
CVE-2023-2813 - All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before ...
1 year ago
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
10 months ago Bleepingcomputer.com
CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
7 years ago
New Balada Injector campaign infects 6,700 WordPress sites - A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the Balada Injector malware in a campaign that launched in mid-December. Initially documented by researchers at Dr. Web who observed ...
10 months ago Bleepingcomputer.com
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware - Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site ...
8 months ago Bleepingcomputer.com
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
10 months ago Bleepingcomputer.com
Novel Crytpojacking Campaign is Targeting Docker APIs Across the Internet - Cado security researchers recently identified a sophisticated cryptojacking campaign that exploits exposed Docker API endpoints over the internet. The first container, created with the Commando open-source tool, seems innocent, but it allows the ...
10 months ago Cysecurity.news
75K+ WordPress Sites Impacted by Critical Plugin Flaws - A large-scale breach has impacted more than 75,000 WordPress sites that are running an online course plugin. According to security researchers, the plugin has three critical vulnerabilities that could expose customer data and be used to take over ...
1 year ago Bleepingcomputer.com
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet - On vulnerable endpoints, the Docker API is used to spawn an Alpine container and then retrieve an initialization shell script (init.sh) from a remote server ("solscan[.]live") that, in turn, checks if it's running as the root user and tools like curl ...
2 months ago Thehackernews.com
Multimillion-dollar cryptojacker snared by Ukrainian police The Register - The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation. Supported by the National Police of Ukraine, Europol arrested a 29-year-old, whose identity is being withheld, this week ...
10 months ago Go.theregister.com
Hacker Behind $2 Million Cryptocurrency Mining Scheme Arrested in Ukraine - The Ukrainian National Police and Europol have announced the arrest of an individual believed to be involved in a $2 million cryptojacking operation. According to Europol, the suspect, a 29-year-old individual residing in Mykolaiv, Ukraine, is likely ...
10 months ago Securityweek.com
New Migo malware disables protection features on Redis servers - Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. Redis is an in-memory data structure store used as a database, cache, and message broker known ...
9 months ago Bleepingcomputer.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
9 months ago Darkreading.com
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
10 months ago Bleepingcomputer.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
11 months ago Cyberdefensemagazine.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
WordPress Request Architecture and Hooks - Before diving into the security features of WordPress, it's critical to understand the underlying request architecture. WordPress is a dynamic system that processes and responds to user requests in various ways, depending on the nature of the request ...
5 months ago Wordfence.com
Watch out for "I can't believe he is gone" Facebook phishing posts - This phishing attack is ongoing and widely spread on Facebook through friend's hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform. As the posts come from your friends' ...
10 months ago Bleepingcomputer.com
Hackers push USB malware payloads via news, media hosting sites - A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. The attackers ...
10 months ago Bleepingcomputer.com
Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising - A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an ...
6 months ago Bleepingcomputer.com
Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising - A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an ...
6 months ago Bleepingcomputer.com
CVE-2024-50002 - In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. ...
1 month ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)