April 8, 2024 at 02:26PM
Hackers compromised over 2,000 WordPress sites, injecting them with malicious scripts to display fake NFT and discount pop-ups. These pop-ups prompt visitors to connect their wallets to crypto drainers, ultimately stealing funds and NFTs. The attackers seek to monetize a large pool of hacked sites and have begun promoting these scams. Caution is advised when encountering unexpected pop-ups. Source: Security firm Sucuri.
There has been an increase in the number of hacked WordPress sites displaying fake NFT and discount pop-ups that trick visitors into connecting their wallets to crypto drainers, which automatically steal funds.
The website security firm Sucuri previously disclosed that hackers compromised around 1,000 WordPress sites to promote crypto drainers through malvertising and YouTube videos. It has now been revealed that these attacks involved a cluster of approximately 1,700 brute-forcing sites, including prominent examples like Ecuador’s Association of Private Banks website.
It is believed that the threat actors, having been unsuccessful with their original campaign, began deploying new scripts on the compromised sites to turn visitors’ web browsers into tools for brute-forcing admin passwords on other sites. These actors are now monetizing a pool of sites to display pop-ups promoting fake NFT offers and crypto discounts.
The malicious scripts are loaded from the domain dynamic-linx[.]com, and they generate promotional pop-ups urging victims to connect their wallets to mint a promising NFT or receive a discount on the website. When visitors connect their wallets to the site, the crypto drainer will steal all the funds and NFTs and send them to the threat actors.
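For site owners checking their own pages, the following added example (not from Sucuri or the original article) audits rendered HTML for scripts that load from or reference the domain named above. The sample page, the `placeholder.js` path and the function names are constructed for illustration; the article does not give the script path.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicator from the article, kept defanged in source and refanged at runtime.
BAD = "dynamic-linx[.]com".replace("[.]", ".")
BLOCKED = {BAD}

def host_is_blocked(host):
    """True for a blocked domain or any subdomain of it (not look-alike hosts)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

class ScriptAudit(HTMLParser):
    """Collects external script URLs and inline scripts that mention a blocked domain."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        self._inline = src is None
        # urlsplit copes with absolute and protocol-relative (//host/path) URLs
        # and lower-cases the hostname for us.
        if src and host_is_blocked(urlsplit(src.strip()).hostname):
            self.findings.append(("external", src.strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        # An injected inline loader may create the script element itself.
        if self._inline and any(d in data.lower() for d in BLOCKED):
            self.findings.append(("inline", data.strip()[:80]))

def audit_html(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; paths are placeholders, not taken from the article.
SAMPLE = f"""<html><head>
<script src="https://example.org/wp-includes/js/jquery.js"></script>
<script src="//{BAD.upper()}/placeholder.js"></script>
<script>var s=document.createElement('script');s.src='https://{BAD}/placeholder.js';</script>
<script src="https://not{BAD}.example.org/a.js"></script>
</head><body>Shop</body></html>"""
```

Run `audit_html` over the HTML your site actually serves to an anonymous visitor, since injected scripts often live in the database or theme files rather than in any one template.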
To avoid falling victim to these malicious activities, it is advised to only connect your wallet to trusted platforms and to exercise caution with unexpected pop-up windows on websites, especially when they don’t align with the website’s primary subject or design. This information highlights the importance of maintaining vigilance and cybersecurity best practices when interacting with potentially compromised websites.