Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen




  • Researchers found a malicious package on NPM, uploaded a year ago
  • It was benign at first, and introduced malware later via an update
  • The malware stole hundreds of thousands of secrets and installed cryptojackers on dozes of computers

For roughly a year, hackers have been infecting red teamers, penetration testers, security researchers, as well as other hackers, with a piece of malware that steals WordPress credentials and other sensitive data, and installs cryptominers on compromised endpoints.

As a result, login credentials for some 390,000 WordPress accounts were stolen, and dozens of systems were found mining Monero.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *