More than 2,000 WordPress websites are infected with a keylogger

 In Biz & IT, malware, Web security, wordpress

More than 2,000 WordPress websites are infected with a keylogger

Serving the Technologist for more than a decade. IT news, reviews, and analysis.

Enlarge / A screenshot showing a keylogger extracting user names and passwords. It’s currently infecting more than 2,000 WordPress websites. (credit: Sucuri)

More than 2,000 websites running the open-source WordPress content management system are infected with malware, researchers warned late last week. The malware in question logs passwords and just about anything else an administrator or visitor types.

The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that’s surreptitiously run on the computers of people visiting the infected sites. Data provided here, here, and here by website search service PublicWWW showed that, as of Monday afternoon, the package was running on 2,092 sites.

Website security firm Sucuri said this is the same malicious code it found running on almost 5,500 WordPress sites in December. Those infections were cleaned up after cloudflare[.]solutions—the site used to host the malicious scripts—was taken down. The new infections are hosted on three new sites, msdns[.]online, cdns[.]ws, and cdjs[.]online. None of the sites hosting the code has any relation to Cloudflare or any other legitimate company.

Read 6 remaining paragraphs | Comments

Malicious script logs passwords and just about anything else admins or visitors type.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt