Malicious software found in WordPress has infected more than 2000 sites

Researchers at Sucuri, a company specializing in digital security, have found malicious software in the WordPress content management system, and it is present on more than 2000 sites so far.

According to the company, the software acts as a keylogger: it records what the user types on the computer and later sends it to external servers. The same software also runs cryptocurrency-mining code.

In December, Sucuri found malicious software on Cloudflare servers that infected more than 5,500 sites running WordPress, but its damage disappeared once the malicious files were removed from the servers. The files of the new malicious software are on separate servers that appear to belong to the domains msdns[.]online, cdns[.]ws, and cdjs[.]online as well.

The software runs when an infected site is visited: the page requests some external files, all of which are JavaScript files, which then run the malicious code and steal user data over the WebSocket protocol, which allows data to be exchanged between the server and the device over real-time channels.

How sites running WordPress become infected is not yet known. But Sucuri believes that using outdated versions of the system without updating to the latest versions makes it easier to infect the CMS database and its files, and thus the entire site, without the user's knowledge.

To check whether a site is infected, you can download the free Sucuri Scanner from the company. It scans all files to make sure none of them are malicious, and it also checks the database to make sure no server requests have been planted there. In addition, after installing the plugin, select Sucuri Security from the menu in the WordPress control panel and then Dashboard to see the system files that should remain unchanged; if any of them has been changed or modified, it very likely means the site has been compromised and infected.

Finally, after selecting Sucuri Security, you can also click Last Logins in the side menu to see the most recent logins and make sure there is no unknown activity that the user is not aware of.
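A manual check that complements the scanner, as an added example that is not from the original article or from Sucuri: it searches site files and SQL dumps for URLs that point at the three domains named above, including protocol-relative, WebSocket and JSON-escaped forms. The sample content, file paths, port, subdomain and the function names are constructed for illustration.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlsplit

# Domains named in the article, refanged for matching.
IOC_DOMAINS = ("msdns.online", "cdns.ws", "cdjs.online")
# Matches http(s)://, ws(s):// and protocol-relative //host/... references.
URL_RE = re.compile(r"""(?:(?:https?|wss?):)?//[^\s'"<>\\)]+""", re.IGNORECASE)

# Constructed sample (paths, port, subdomain and benign hosts are made up).
SAMPLE = r'''<script src="https://cdn.example.org/jquery.js"></script>
<script type='text/javascript' src='//cdjs.online/a.js'></script>
var s = new WebSocket("wss://cdns.ws:8080/");
{"footer":"<script src=\"https:\/\/js.msdns.online\/x.js\"><\/script>"}
<a href="https://notcdns.ws.example.com/">unrelated</a>
'''

def host_matches(host, domains=IOC_DOMAINS):
    """True for a listed domain or any subdomain of one, not for lookalikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def find_ioc_references(text, source="<sample>"):
    """Return (source, line_no, url) for each URL whose host is a listed domain."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        # Database dumps often hold JSON with escaped slashes (https:\/\/...).
        for url in URL_RE.findall(line.replace("\\/", "/")):
            try:
                host = urlsplit(url).hostname or ""
            except ValueError:  # malformed host part, skip it
                continue
            if host_matches(host):
                hits.append((source, line_no, url))
    return hits

def scan_tree(root, suffixes=(".php", ".js", ".html", ".sql")):
    """Scan site files and SQL dumps under root for references to the domains."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits += find_ioc_references(path.read_text(errors="replace"), str(path))
    return hits

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if sys.argv[1:] else find_ioc_references(SAMPLE)
    for source, line_no, url in found:
        print(f"{source}:{line_no}: {url}")
```

Run it with the path to a copy of the site's files (and an exported database dump saved as `.sql`) as the only argument; with no argument it scans the constructed sample.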
