#WordPressAttacks

Evasive Sign1 malware campaign infects 39,000 WordPress sites

by

March 21, 2024 at 12:02PM The Sign1 malware campaign has infected over 39,000 websites, injecting malicious scripts into WordPress sites by exploiting vulnerabilities or using brute force attacks. The malware uses time-based randomization and dynamic URLs to evade detection, redirects visitors to scam sites, and has evolved to become more resilient. Website owners are advised … Read more

Hacked WordPress sites use visitors’ browsers to hack other sites

by

March 6, 2024 at 05:40PM Hackers have been targeting WordPress sites with widescale attacks, initially using crypto wallet drainer scripts to steal cryptocurrency. More recently, they have switched to injecting malicious scripts that force visitors’ browsers to conduct bruteforce attacks on other websites. The threat actor’s goal seems to be building a larger portfolio of … Read more