Follow-on distributed brute-force attacks conducted via compromised WordPress sites

Hacked WordPress sites are being used to run distributed brute-force attacks against other websites through malicious JavaScript injections, in an attack campaign that initially exploited compromised WordPress sites to enable crypto drainer injections, The Hacker News reports.

After securing a list of targeted WordPress sites and extracting author usernames, threat actors inject malicious JavaScript code into breached websites. Attacks are then launched once such websites are visited by unsuspecting users, enabling unauthorized access to the initially targeted sites, a report from Sucuri showed. "For every password in the list, the visitor's browser sends the wp.uploadFile XML-RPC API request to upload a file with encrypted credentials that were used to authenticate this specific request. If authentication succeeds, a small text file with valid credentials is created in the WordPress uploads directory," said Sucuri researcher Denis Sinegubko. The development comes after a new SocGholish malware campaign was reported to involve the impersonation of WordPress plugins.
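Because each request comes from a different visitor's browser, per-IP rate limits see little on a targeted site. The following added example (not from Sucuri or the original report) counts distinct client IPs posting to `/xmlrpc.php` with a third-party Referer inside a sliding window. The combined log format, the host name `victim.example`, the thresholds and the reliance on browsers sending a cross-origin Referer (a script can suppress it) are all assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "https://blog-a.example/" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2024:10:00:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "https://blog-a.example/" "Mozilla/5.0"
203.0.113.5 - - [05/Mar/2024:10:02:30 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "https://shop-b.example/" "Mozilla/5.0"
192.0.2.99 - - [05/Mar/2024:10:03:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "https://victim.example/wp-admin/" "Mozilla/5.0"
192.0.2.50 - - [05/Mar/2024:10:03:10 +0000] "GET / HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.200 - - [05/Mar/2024:11:30:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "https://blog-a.example/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def cross_origin_xmlrpc_posts(log_text, own_host):
    """Yield (time, client_ip, referer_host) for POSTs to /xmlrpc.php whose
    Referer names another site, i.e. a browser sent there by a foreign page."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if urlsplit(m["path"]).path != "/xmlrpc.php":
            continue
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host is None or ref_host == own_host:
            continue  # no Referer, or the site's own pages
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m["ip"], ref_host

def find_distributed_xmlrpc_bursts(log_text, own_host,
                                   window=timedelta(minutes=10), min_ips=3):
    """Return (client IPs, referring hosts) seen in any window where at least
    min_ips distinct clients made cross-origin XML-RPC POSTs."""
    hits = sorted(cross_origin_xmlrpc_posts(log_text, own_host))
    flagged_ips, flagged_refs = set(), set()
    start = 0
    for end, (ts, _, _) in enumerate(hits):
        while ts - hits[start][0] > window:
            start += 1  # drop hits older than the window
        in_window = hits[start:end + 1]
        ips = {ip for _, ip, _ in in_window}
        if len(ips) >= min_ips:
            flagged_ips |= ips
            flagged_refs |= {ref for _, _, ref in in_window}
    return sorted(flagged_ips), sorted(flagged_refs)
```

The referring hosts returned are leads on which sites are serving the injected script; the access log does not record the XML-RPC method, so confirming `wp.uploadFile` requires request-body logging or a WAF.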
