The security desk at Ars Technica is reporting on a new attack where more than 2000 WordPress sites were infected with malware that can capture keystrokes (and passwords) within the administrative control panel. It also installs an in-browser crypto-currency miner that hijacks the computers of site visitors to run silently in the background.
Side effects of the infection can include blacklisting by search engines such as Google, and anti-virus/anti-spam sites such as McAfee and Yandex.
The attack is a repeat of a similar event from December, when more than 5000 web sites were found to be infected with the same malware, which was being hosted on servers belonging to CloudFlare, one of the internet’s largest content farms. Three new sites have been found hosting the malware thus far, but more may emerge in the coming months.
Security firm Securi has released a WordPress plugin that can help detect and clean the infection, and offers suggestions on how infected sites can clear their reputations with any companies that may have added a site to a blacklist.
The full text of the article, and some guidelines on how to check and/or clean up an infection can be found at the links below:
More than 2,000 WordPress websites are infected with a keylogger.