Keylogger Found on Thousands of Infected WordPress Sites
Posted by: Timothy Tibbetts on 12/07/2017 12:32 PM
Sucuri has found (again) that 5,482 WordPress websites have been infected by an obfuscated script pretending to be jQuery and Google Analytics.
They also reported back in April about the Cloudflare.solutions malware, which came along with the crypto miners. It seems that this evolving campaign is now adding keyloggers to the mix.
What sort of data can be stolen this way? Since we are talking about WordPress sites, such sites usually have search boxes and comment forms. This might not be that interesting to the bad guys. But what if the WordPress site has some e-commerce functionality and embeds a checkout form? This scenario allows a hacker to steal the payment details.
And of course, every WordPress site has a login form. Hackers don’t forget about that, so they add this code that injects the cloudflare[.]solutions keylogger to the login page as well.
The Sucuri blog has many more details on this evolving malware.
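A defender-side check for the injection described above, added here as an example and not taken from Sucuri or the original post: it lists the external `<script>` sources in a page's HTML and flags any served from the domain named in the article or from a host outside an allowlist. The sample page, `shop.example.com`, `cdn.example.net` and the allowlist are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article (defanged there as cloudflare[.]solutions).
INDICATOR_DOMAINS = {"cloudflare.solutions"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def _matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_scripts(html, site_host, allowed_hosts):
    """Return (indicator_hits, unexpected_hosts) for external scripts in html."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    hits, unexpected = [], []
    for src in collector.sources:
        # Protocol-relative URLs (//host/path) need a scheme to parse correctly.
        url = "https:" + src if src.startswith("//") else src
        host = (urlparse(url).hostname or "").lower()
        if not host or host == site_host:
            continue  # relative or same-origin script
        if _matches(host, INDICATOR_DOMAINS):
            hits.append(src)
        elif not _matches(host, allowed_hosts):
            unexpected.append(src)
    return hits, unexpected

# Constructed sample of a login page; hosts and paths are made up for illustration.
SAMPLE_LOGIN_PAGE = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//cloudflare.solutions/example/jquery.js"></script>
<script src="https://cdn.example.net/widget.js"></script>
</head><body><form id="loginform"></form></body></html>
"""

if __name__ == "__main__":
    print(audit_scripts(SAMPLE_LOGIN_PAGE, "shop.example.com", {"google-analytics.com"}))
```

Hosts are compared by exact name or subdomain suffix, so a script that merely uses a familiar file name such as `jquery.js` is still judged by where it is served from.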