back-2 (2)

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

Teilen:

A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data.

Researchers at webscript security company c/side discovered during an incident response engagement for one of their clients that the malicious activity uses the wp3[.]xyz domain to exfiltrate data but have yet to determine the initial infection vector.

After compromising a target, a malicious script loaded from the wp3[.]xyz domain creates the rogue admin account wpx_admin with credentials available in the code.

Creating a rogue admin account
Creating a rogue admin account
Source: c/side

The script then proceeds to install a malicious plugin (plugin.php) downloaded from the same domain, and activates it on the compromised website.

According to c/cide, the purpose of the plugin is to collect sensitive data, like administrator credentials and logs, and send it to the attacker’s server in an obfuscated way that makes it appear as an image request.

The attack also involves several verification steps, such as logging the status of the operation after the creation of the rogue admin account and verifying the installation of the malicious plugin.

Blocking the attacks

c/side recommends that website owners block the ‘wp3[.]xyz’ domain using firewalls and security tools.

Moreover, admins should review other privileged accounts and the list of installed plugins, to identify unauthorized activity, and remove them as soon as possible.

Finally, it is recommended that CSRF protections on WordPress sites be strengthened via unique token generation, server-side validation, and periodic regeneration. Tokens should have a short expiration time to limit their validity period.

Implementing multi-factor authentication also adds protection to accounts with credentials that have already been compromised.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
7:32 pm, Feb. 15, 2025
Wetter-Symbol 3°C
L: 2° | H: 4°
overcast clouds
Luftfeuchtigkeit: 87 %
Druck: 1019 mb
Wind: 8 mph E
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 100%
Regen Chance: 0%
Sichtbarkeit: 8 km
Sonnenaufgang: 7:14 am
Sonnenuntergang: 5:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 9:00 pm
Wetter-Symbol
2° | 4°°C 1 mm 100% 7 mph 89 % 1019 mb 0 mm/h
Tomorrow 9:00 pm
Wetter-Symbol
2° | 4°°C 1 mm 100% 10 mph 91 % 1022 mb 0.24 mm/h
Mo. Feb. 17 9:00 pm
Wetter-Symbol
1° | 7°°C 0 mm 0% 7 mph 78 % 1022 mb 0 mm/h
Di. Feb. 18 9:00 pm
Wetter-Symbol
1° | 8°°C 0 mm 0% 8 mph 70 % 1022 mb 0 mm/h
Mi. Feb. 19 9:00 pm
Wetter-Symbol
4° | 10°°C 0 mm 0% 7 mph 94 % 1020 mb 0 mm/h
Today 9:00 pm
Wetter-Symbol
2° | 3°°C 1 mm 100% 7 mph 89 % 1019 mb 0 mm/h
Tomorrow 12:00 am
Wetter-Symbol
2° | 2°°C 1 mm 100% 7 mph 91 % 1020 mb 0.24 mm/h
Tomorrow 3:00 am
Wetter-Symbol
2° | 2°°C 0 mm 0% 6 mph 90 % 1019 mb 0 mm/h
Tomorrow 6:00 am
Wetter-Symbol
2° | 2°°C 0 mm 0% 6 mph 88 % 1020 mb 0 mm/h
Tomorrow 9:00 am
Wetter-Symbol
3° | 3°°C 0 mm 0% 8 mph 80 % 1020 mb 0 mm/h
Tomorrow 12:00 pm
Wetter-Symbol
4° | 4°°C 0 mm 0% 10 mph 69 % 1021 mb 0 mm/h
Tomorrow 3:00 pm
Wetter-Symbol
4° | 4°°C 0 mm 0% 9 mph 64 % 1021 mb 0 mm/h
Tomorrow 6:00 pm
Wetter-Symbol
3° | 3°°C 0 mm 0% 8 mph 69 % 1021 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€93,020.79
-0.26%
Ethereum(ETH)
€2,576.14
-1.37%
XRP(XRP)
€2.63
-0.84%
Fesseln(USDT)
€0.95
-0.03%
Solana(SOL)
€185.54
-3.49%
USDC(USDC)
€0.95
0.00%
Dogecoin(DOGE)
€0.261415
-0.73%
Shiba Inu(SHIB)
€0.000015
-2.63%
Pepe(PEPE)
€0.000010
-3.91%
Nach oben scrollen