About four weeks ago (a little after the start of this class... 🤔), it was discovered that thousands of WordPress sites were being used to mine Monero cryptocurrency, along with using a keylogger to steal users’ login information, and possibly more. It functioned in such a way that users didn’t even have to hit the submit button in order to have their credentials stolen, and mining would start simply by visiting the page.
The keylogger runs on the entirety of the infected site, which opens the door to capturing not just WordPress logins but any data passed through the infected websites, such as possible bank credentials and e-mail addresses.
According to Bleeping Computer, 2,000 sites were infected by the keylogger. There’s no real way to tell if you are visiting an infected site without inspecting the source (and knowing what you’re looking for), so until the virus is wiped out, people should be wary of any WordPress-managed site. If your browser suddenly starts eating up processing power when visiting a WordPress site, there is a good chance you’ve visited an infected one, and your computer is being used to mine Monero while you visit it.
Security experts still aren’t sure what caused the vulnerability, aside from a blanket “WordPress is just bad” and “this happens all the time to WordPress.”
Security experts are backing up their claims of WordPress’s dismal security practices by pointing out that within the past two months another, entirely different keylogger was found that infected 5,482 WordPress sites.
This entirely separate keylogger was injected into Cloudflare scripts that used fake linter.js URLs.
If a site has this malware running on it, there is also a chance that it is using your computer to do cryptocurrency mining, but instead of mining only Monero, this malware can mine whatever cryptocurrency the hacker decides.
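For a site admin, "inspecting the source and knowing what you're looking for" can start with listing every external script a page loads and flagging hosts that are not expected, including ones that borrow a trusted name such as Cloudflare. The following is an added example, not code from the original post or from WordPress; the allowlist, the brand table and all `.example` hosts are constructed assumptions, not real indicators.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site's admin expects to load scripts from.
ALLOWED_HOSTS = {"blog.example", "cdnjs.cloudflare.com"}
# Assumption: brand words an attacker might imitate, mapped to the real domain.
BRANDS = {"cloudflare": "cloudflare.com"}

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def audit_scripts(html, page_host, allowed=ALLOWED_HOSTS):
    """Return (src, reason) for each script whose host is not allowlisted."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Relative paths have no hostname, so they resolve to the page's own host.
        host = (urlparse(src).hostname or page_host).lower()
        if host in allowed:
            continue
        reason = "host not in allowlist"
        for brand, real in BRANDS.items():
            if brand in host and host != real and not host.endswith("." + real):
                reason = f"imitates {real}"
        findings.append((src, reason))
    return findings

# Constructed sample page; the .example hosts are placeholders.
SAMPLE = """
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//cdn.cloudflare-static.example/linter.js"></script>
<script src="https://stats.unknown.example/t.js"></script>
"""

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE, "blog.example"):
        print(f"{reason}: {src}")
```

This only covers scripts loaded by `src`; code injected inline into a theme or database entry needs a separate integrity check of the site's files.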
WordPress is so prone to hacking that there is a monthly journal to keep track of what WordPress vulnerabilities were found. Though it is hard to keep 18.9% of the internet running safely, and though it is easy to blame WordPress for not handling these attacks, part of the responsibility does lie with the admins of the pages.
However, the fact that WordPress seems to be this insecure just shows the kind of caution you need when going anywhere online.