"Hackers Deploy Crypto Drainers on Thousands of WordPress Sites"

About 2,000 hacked WordPress sites now show fake NFT and discount pop-ups, tricking visitors into connecting their wallets to cryptocurrency drainers that automatically steal funds. Last month, the website security company Sucuri revealed that hackers had compromised around 1,000 WordPress sites in order to promote cryptocurrency drainers through malvertising and YouTube videos. It is suspected that the threat actors were unsuccessful in their initial campaign and began deploying news scripts on compromised sites to convert visitors' web browsers into tools for brute-forcing admin passwords on other sites. These attacks involved about 1,700 brute-force sites, with the goal of creating a large enough pool of sites that they could later monetize in a bigger campaign. This article continues to discuss findings regarding the deployment of cryptocurrency drainers on thousands of WordPress sites.

Bleeping Computer reports "Hackers Deploy Crypto Drainers on Thousands of WordPress Sites"

Submitted by grigby1

Submitted by grigby1 CPVI on