Security experts found two 0-day vulnerabilities in official Facebook plugins for popular CMS WordPress. Moreover,…
The attacks began on April 28, 2020 and resulted in a thirty-fold increase in the amount of malicious traffic monitored by the company.
“The gang uses more than 24,000 different IP addresses for attacks and has already tried to hack over 900,000 WordPress sites. The attacks peaked last Sunday, May 3, 2020, when hackers made over 20,000,000 attempts to break into 500,000 different domains”, – said Wordfence specialists.
Researchers write that, basically, the group relies on exploiting a variety of XSS vulnerabilities and, with their help, injects malicious JavaScript code into sites, and then redirects incoming traffic to resources to malicious sites.
Also, the malware used by cybercriminals checks if the visitor is logged in as an administrator to try automatically create a backdoor using his account.
Wordfence reports that attackers exploit the following vulnerabilities in their campaign:
According to Wordfence experts, in the future, the group behind the attacks can develop new exploits and expand their arsenal, which will entail attacks on other vulnerabilities.
I also remind you that we wrote about a bug in the Rank Math WordPress plugin, which allows assigning administrator privileges to any user.
Chernars.com is a domain that tries to force you into subscribing to its browser notifications…
Eclipse-adblocker.pro is a site that tries to trick you into clik to its browser notifications…
Initiateadvancedcompletelythe-file.top is a site that tries to force you into subscribing to its browser notifications…
Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…
Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…
Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…
View Comments
[…] attacks were carried out with 20,000 different IP addresses, most of which were previously used in another large-scale campaign, also targeted at WordPress sites and active in early May of this […]