"Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks"

Threat actors are using malicious JavaScript injections to launch brute-force attacks on WordPress sites. According to Sucuri security researcher Denis Sinegubko, the distributed brute-force attacks target WordPress websites via the browsers of site visitors. The activity is part of an attack wave in which compromised WordPress sites are used to directly inject cryptocurrency drainers such as Angel Drainer or redirect site visitors to Web3 phishing sites with drainer malware. The new iteration is notable in that the injections, which have been found on over 700 sites to date, do not load a drainer but instead brute-force other WordPress sites using a list of common and leaked passwords. This article continues to discuss findings regarding the malware campaign involving distributed brute-force attacks against target WordPress websites from the browsers of unsuspecting site visitors.

THN reports "Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks"

Submitted by grigby1