27 Jan Over 2000 WordPress Sites Infected by Keylogger
Security researchers recently discovered that more than 2000 websites have been infected with a keylogger which is loaded via the backend login page and a cryptocurrency miner script on the frontend.
According to the researchers, cybercriminals target unsecured WordPress sites and inject the CMS source code with a malicious code via an exploit. The keylogger which is loaded at the frontend used to come from a “cloudflare.solutions” domain that was taken down by the registrar on December 8. The hackers are now using these three domains: cdjs.online, cdns.ws, and msdns.online.
Cybersecurity company Sucuri, who has tracked the campaign since April, said that the number of affected sites could well exceed 2000.
Source: Bleeping Computer