More than 5,000 WordPress sites worldwide have been breached to facilitate admin account creation, malicious plugin injection, and data exfiltration as part of a novel attack campaign involving malware retrieved from the wp3[.]xyz domain, according to BleepingComputer.
Impacted websites, whose initial means of compromise remains uncertain, had a script retrieved from the wp3[.]xyz domain that created a rogue admin account before installing an information-stealing plugin targeting admin credentials, logs, and other sensitive details, a report from c/side, a web script security firm, revealed. Such findings should prompt website admins to use firewalls and other security controls to block the wp3[.]xyz domain. Admins have also been urged not only to review privileged accounts and installed plugins for suspicious activity but also to strengthen WordPress sites’ cross-site request forgery defenses through server-side validation, unique token generation, and periodic regeneration, said researchers, who also recommended implementing multi-factor authentication.
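The three CSRF properties the researchers recommend (server-side validation, a unique token per session, periodic regeneration) as an added, constructed example rather than code from c/side or WordPress; the 15-minute rotation interval, the session identifiers and the `handle_state_change` handler are assumptions for illustration:

```python
import hmac
import secrets
import time

# Constructed example: a minimal server-side CSRF token store that implements
# server-side validation, per-session unique tokens and periodic regeneration.

TOKEN_TTL_SECONDS = 15 * 60  # assumption: rotate tokens every 15 minutes


class CsrfTokenStore:
    """Holds CSRF tokens per session; the server, not the client, is the source of truth."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, now=time.time):
        self._tokens = {}   # session_id -> (token, issued_at)
        self._ttl = ttl
        self._now = now     # injectable clock so the rotation logic can be tested

    def issue(self, session_id):
        """Return the current token for a session, minting a new one if missing or expired."""
        entry = self._tokens.get(session_id)
        if entry is None or self._now() - entry[1] >= self._ttl:
            entry = (secrets.token_urlsafe(32), self._now())
            self._tokens[session_id] = entry
        return entry[0]

    def validate(self, session_id, presented):
        """Server-side check: the token must exist, be unexpired, and match in constant time."""
        entry = self._tokens.get(session_id)
        if entry is None or not isinstance(presented, str):
            return False
        token, issued_at = entry
        if self._now() - issued_at >= self._ttl:
            del self._tokens[session_id]  # expired tokens are never accepted
            return False
        return hmac.compare_digest(token, presented)


def handle_state_change(store, session_id, form_token):
    """Guard for a state-changing request, e.g. one that would create an admin user (hypothetical)."""
    if not store.validate(session_id, form_token):
        return "rejected: invalid or missing CSRF token"
    return "accepted"
```

A request that presents no token, another session's token, or a token older than the TTL is rejected, which is what defeats a forged admin-creation request even when the victim's browser sends valid cookies.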