WP3.XYZ Malware Campaign Targets 5,000 WordPress Sites 

A new malware campaign, originating from the wp3[.]xyz domain, has targeted more than 5,000 WordPress sites worldwide, facilitating admin account creation, malicious plugin injections, and data theft, according to BleepingComputer.

The attack relies on a script retrieved from the wp3[.]xyz domain, which lets cybercriminals create deceptive admin accounts and install an information-stealing plugin. According to a report by web security firm c/side, this plugin is designed to extract sensitive data such as admin credentials and activity logs.

Although the initial method of compromise remains unclear, researchers urge site administrators to take the following steps to safeguard their WordPress sites:

  • Strengthen Security Defenses: Deploy firewalls and block access to the wp3[.]xyz domain.
  • Audit Privileged Accounts and Plugins: Evaluate admin accounts and installed plugins for any signs of suspicious activity.
  • Fortify Against CSRF Attacks: Implement server-side validation, unique token generation, and periodic regeneration to mitigate cross-site request forgery risks.
  • Enable Multi-Factor Authentication (MFA): Add an extra layer of security to prevent unauthorized access.
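
The CSRF recommendation above (server-side validation, unique token generation, periodic regeneration) can look like the following stand-alone PHP sketch. It is an added example, not code from the c/side report or from WordPress, and it does not use WordPress's own nonce functions; the class name `CsrfGuard`, the 900-second lifetime and the `csrf` session key are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. CsrfGuard, TOKEN_TTL and the 'csrf' session key are hypothetical names.
final class CsrfGuard
{
    private const TOKEN_TTL = 900; // assumed lifetime in seconds before regeneration is forced
    private array $session;

    // $session stands in for the server-side session store ($_SESSION in a live application).
    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    // Unique token generation: 256 bits from the CSPRNG, stored server-side with its issue time.
    public function issue(?int $now = null): string
    {
        $token = bin2hex(random_bytes(32));
        $this->session['csrf'] = ['token' => $token, 'issued' => $now ?? time()];
        return $token;
    }

    // Server-side validation of the token submitted with a state-changing request.
    public function validate(string $submitted, ?int $now = null): bool
    {
        $entry = $this->session['csrf'] ?? null;
        unset($this->session['csrf']); // single use: the next form needs a fresh token
        if (!is_array($entry) || ($now ?? time()) - $entry['issued'] > self::TOKEN_TTL) {
            return false; // nothing issued for this session, or the token has expired
        }
        return hash_equals($entry['token'], $submitted); // constant-time comparison
    }
}

// Constructed demo: an in-memory array replaces $_SESSION, timestamps are fixed integers.
$session = [];
$guard = new CsrfGuard($session);
$cases = [];
$token = $guard->issue(1000);
$cases['fresh token'] = $guard->validate($token, 1100);
$cases['replayed token'] = $guard->validate($token, 1101);
$token = $guard->issue(2000);
$cases['expired token'] = $guard->validate($token, 2000 + 901);
$guard->issue(3000);
$cases['forged token'] = $guard->validate('not-the-issued-value', 3001);
foreach ($cases as $label => $accepted) {
    echo $label, ': ', $accepted ? 'accepted' : 'rejected', PHP_EOL;
}
```

The token is checked only against the copy held in the server-side session, so a request forged from another origin cannot supply a matching value.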

This alarming campaign serves as a reminder for website administrators to stay vigilant, ensure regular updates, and adopt robust security practices to mitigate such threats.
