WP3.XYZ Malware Compromises Over 5,000 WordPress Sites
A recent investigation by c/side uncovered a malware campaign that has created rogue admin accounts on more than 5,000 WordPress sites and uses the domain wp3[.]xyz to exfiltrate sensitive data. The attack relies on a malicious script that installs a malicious plugin designed to collect administrator credentials and logs, and it disguises the data exfiltration as image requests. To mitigate the threat, c/side advises website owners to block the wp3[.]xyz domain, review privileged accounts, and enhance security measures such as implementing multi-factor authentication and strengthening CSRF protections. The initial infection vector remains undetermined, which underscores the need for vigilance among WordPress administrators.