By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Cross-Site Scripting: The Real WordPress Supervillain
    Cross-Site Scripting: The Real WordPress Supervillain
    12 months ago
    Hackers targeting your smartphone
    12 months ago
    Improved Version of CTB-Locker (Onion Ransomware) Emerges
    12 months ago
    Latest News
    Beware of scammers! Dangerous apps in the App Store
    2 days ago
    How To Limit Login Attempts on WordPress (+ Should You?)
    3 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)
    3 days ago
    Two privilege escalation vulnerability in Simple Membership Plugin
    4 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Cloudflare Notification about increase in ransom DDoS threats
    12 months ago
    Windows 10 build 19044.1865 (KB5015878) outs as preview
    12 months ago
    How to fix unable set, remove, or use login PIN on Windows 10
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    8 months ago
    Now you can speed up any video in your browser
    8 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    9 months ago
  • How To
    How ToShow More
    Detecting zero-days before zero-day
    Detecting zero-days before zero-day
    23 hours ago
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    23 hours ago
    Network performance update: Birthday Week 2023
    Network performance update: Birthday Week 2023
    23 hours ago
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    2 days ago
    Privacy-preserving measurement and machine learning
    Privacy-preserving measurement and machine learning
    2 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    The most Important Shortcuts Keys For Computer
    12 months ago
    What’s new in Chrome 88
    12 months ago
    Windows 11 might get floating Taskbar similar to macOS
    9 months ago
    Latest News
    How to enable extensions for Google Bard AI
    2 days ago
    Window 11 Copilot: 10 Best tips and tricks
    2 days ago
    How to create AI images with Cocreator on Paint for Windows 11
    3 days ago
    How to install September 2023 update with 23H2 features for Windows 11
    4 days ago
  • Glossary
  • My Bookmarks
Reading: Keylogger found on 5500 sites running WordPress
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
FixHow ToWordpress Threats

Keylogger found on 5500 sites running WordPress

Tom Grant
Last updated: 13 October
Tom Grant 2 years ago
Share
3 Min Read

Analysts at Sucuri have been monitoring a malicious campaign that has its roots in the cloudflare.solutions domain for quite some time now. Of course, this domain has nothing to do with the real Cloudflare company, and malicious scripts are distributed from it that work like a keylogger and steal all the data that users enter into various forms. Also, scripts are sometimes uploaded to infected sites by a cryptocurrency miner.

For the first time, Sucuri analysts noticed this campaign in April 2017. At that time, malicious JavaScript was loaded onto hacked sites as part of advertising banners. The second incident occurred quite recently, in


November 2017 . The same hacker group changed tactics slightly: malicious scripts began to disguise themselves as jQuery and Google Analytics JavaScript files, although in fact they were the Coinhive browser miner. According to analysts, the campaign has spread to 1833 sites. Now the researchers reported that the attackers’ tactics have changed again. Scripts are still mining at the expense of visitors to hacked sites, but now keylogger functionality has been added to this.

First of all, attackers are interested in sites running WordPress, they are the main target of the group. Criminals compromise such resources in a variety of ways, and then hide their scripts, for example, in the functions.php file.

Even worse, experts note that malicious scripts are loaded both on the front end and on the back end of sites, that is, among other things, they are able to intercept logins and passwords that users enter during login to the admin. On the front end, scripts most often steal information from the comment form. Also, do not forget that many online stores operate on the basis of WordPress, that is, bank card numbers and other personal data of users are at risk.

According to PublicWWW , malicious scripts of an unknown group are currently present on 5496 resources (out of the 200,000 most popular sites according to Alexa). The script with keylogger functionality looks like this: That is, all stolen data is transferred to wss://cloudflare[.]solutions:8085/.


Source: xaker.ru

Translate this article

TAGGED: Cloudflare, DoS, WordPress
Tom Grant October 13, 2022 October 31, 2021
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Detecting zero-days before zero-day
Detecting zero-days before zero-day
Apps 23 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps 23 hours ago
Network performance update: Birthday Week 2023
Network performance update: Birthday Week 2023
Apps 23 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps 2 days ago
Privacy-preserving measurement and machine learning
Privacy-preserving measurement and machine learning
Apps 2 days ago

You Might Also Like

Detecting zero-days before zero-day
Apps

Detecting zero-days before zero-day

23 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps

See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan

23 hours ago
Network performance update: Birthday Week 2023
Apps

Network performance update: Birthday Week 2023

23 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps

Cloudflare now uses post-quantum cryptography to talk to your origin server

2 days ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
How to install September 2023 update with 23H2 features for Windows 11
How to get the latest Windows 11 innovations
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme

10 New Stories

Encrypted Client Hello – the last puzzle piece to privacy
Beware of scammers! Dangerous apps in the App Store
How to enable extensions for Google Bard AI
Reminder: Enable two-factor authentication wherever you have it. This business
​​Know exactly when your data is transferred to GoogleIn a world where our data is permanent
​​Fake correspondence with the iPhone interfaceIn a world where digital communication is
Previous Next
Hot News
Detecting zero-days before zero-day
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Network performance update: Birthday Week 2023
Cloudflare now uses post-quantum cryptography to talk to your origin server
Privacy-preserving measurement and machine learning
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?