Malware found in WordPress has infected more than 2,000 websites


Researchers from Sucuri, which specializes in digital security, have found malware in the WordPress content management system, and it is present on more than 2,000 sites so far.

According to the company, the software works in the form of a keylogger, that is, it records what the user types on the computer to send it to outside servers later. The same software also runs programs for mining cryptocurrency.

In December, Sucuri found malware on Cloudflare servers that infected more than 5,500 WordPress sites, but the harm ended as soon as the malicious files were removed from the servers. The files of the new malware are apparently hosted on private servers belonging to the domains msdns[.]online, cdns[.]ws, and cdjs[.]online.

When a visitor loads an infected site, the malware has been observed requesting several external files, all of them JavaScript, then running malicious code and stealing users’ data over the WebSocket protocol, which allows data to be exchanged between the server and the device in real time.

The attack mechanism to infect WordPress sites is not yet known. But Sucuri believes that using old versions of the system without updating to the latest versions would facilitate infection of the CMS database and the files in it, thus infecting the entire site without the user’s knowledge.

To check whether a site is infected, you can download the free Sucuri Scanner add-on from the company, which scans all files to ensure that none of them are malicious. It also checks databases to ensure that server requests are not planted in them. In addition, after installing the extension, you can choose Sucuri Security from the menu in the WordPress control panel and then Dashboard to see the system files that must remain unchanged; any change or modification to them very likely means that there has been a breach and infection.

Finally, you can also click Last Logins in the side menu after choosing Sucuri Security to see the most recent logins and make sure that none of them came from unknown parties that the user does not know about.
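
The same check can be run offline against a copy of the site's files and a database dump. The Python script below is an added example, not Sucuri's code or part of the original article: it flags any URL whose host is one of the three domains named above, or a subdomain of one. The sample file names, paths and content are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Domains named in the article, kept defanged in source and refanged at runtime.
IOC_DOMAINS = tuple(d.replace("[.]", ".") for d in
                    ("msdns[.]online", "cdns[.]ws", "cdjs[.]online"))

# http(s), ws(s) or protocol-relative URLs: covers script sources and WebSocket endpoints.
URL_RE = re.compile(r"""(?:(?:https?|wss?):)?//[^\s'"<>\\)]+""", re.IGNORECASE)

def host_matches(host, iocs=IOC_DOMAINS):
    """True for an IoC domain or any subdomain of it, not for lookalike names."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def scan_text(name, text):
    """Return (name, line_no, host) for every URL in text that points at an IoC domain."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        # Database dumps and JSON-encoded options may escape slashes and quotes.
        line = line.replace("\\/", "/").replace("\\'", "'").replace('\\"', '"')
        for url in URL_RE.findall(line):
            try:
                host = urlparse(url).hostname or ""
            except ValueError:  # malformed netloc, e.g. unbalanced brackets
                continue
            if host_matches(host):
                hits.append((name, line_no, host))
    return hits

def build_samples():
    """Constructed content for the demo; file names and paths are placeholders."""
    msdns, cdns, cdjs = IOC_DOMAINS
    return {
        "functions.php": "<?php\nwp_enqueue_script('x', 'https://" + cdns + "/placeholder.js');\n",
        "posts.sql": "INSERT INTO wp_posts VALUES (1,'<script src=\\'\\/\\/" + msdns
                     + "\\/placeholder.js\\'><\\/script>');\n"
                     "INSERT INTO wp_posts VALUES (2,'<a href=\"https://not" + cdns + "/ok\">x</a>');\n",
        "footer.php": "<script>new WebSocket('wss://sub." + cdjs + ":8080/placeholder');</script>\n",
    }

def scan_all(files):
    return [hit for name, text in files.items() for hit in scan_text(name, text)]

if __name__ == "__main__":
    for name, line_no, host in scan_all(build_samples()):
        print(f"{name}:{line_no}: reference to {host}")
```

To scan a real site copy, pass `scan_all` a dictionary that maps each file path to its text content.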
