Malware containing keylogger & mining scripts is prevalent in WordPress, infecting nearly 5500 sites

byKaitlyn Baker

In November 2017jQueryAnd malware "cloudflare [.] Solution" which makes it look like a Google Analytics code to load a mining script is prevalent. As of November, the number of infected sites was 1833, but after that malware evolvedKeyloggerIt also found that the number of infected sites is approaching 5500.

Cloudflare [.] Solutions Keylogger on Thousands of Infected WordPress Sites
https://blog.sucuri.net/2017/12/cloudflare-solutions-keylogger-on-thousands-of-infected-wordpress-sites.html


Hacked Websites Mine Cryptocurrencies
https://blog.sucuri.net/2017/09/hacked-websites-mine-crypocurrencies.html

Security company · According to Sucuri, you set up your own script like PirateBay,Mining is done by borrowing the CPU resource of the user who visited the siteWhile there are sites, there are also people who think about misuse of scripts for mining, and WordPress said that a small number of sites are infected with malware that arbitrarily embeds mining scripts.

The malware "cloudflare [.] Solution" confirmed in November 2017,jQueryAnd maliciously causing malicious code to load as mining script as Google Analytics code, infection has been confirmed on 1833 sites as of November 2, 2017.

One month has passed since then the situation got even worse. While "cloudflare [.] Solution" also incorporates the function of the keylogger that records the key entry contents, it evolves, while the number of infected sites has increased to 5496.

"cloudflare.solutions/ajax" - 5496 Websites - PublicWWW.com
https://publicwww.com/websites/%22cloudflare.solutions%2Fajax%22/

Since these malicious code is embedded in the WordPress theme "function.php", Sucuri calls for the removal of "add_js_script" function and all "add_action" clauses related to "add_js_scripts". It also points out that it is also necessary to change the password after removal of code, as WordPress password may already have been stolen by including the keylogger function.