More than 5,000 WordPress sites worldwide have been breached to facilitate admin account creation, malicious plugin injection, and data exfiltration as part of a novel attack campaign involving malware retrieved from the wp3[.]xyz domain, according to BleepingComputer.
The initial means of compromise remains uncertain, but impacted websites loaded a script from the wp3[.]xyz domain that first created a rogue admin account and then installed an information-stealing plugin targeting admin credentials, logs, and other sensitive details, according to a report from c/side, a web script security firm.
These findings should prompt website admins to block the wp3[.]xyz domain with firewalls and other security controls. Admins have also been urged to review privileged accounts, deploy plugins that address suspicious activity, and harden their WordPress sites' cross-site request forgery defenses through server-side validation, unique token generation, and periodic token regeneration. The researchers also recommended that teams enable multi-factor authentication.
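As an added defender-side check (not from the article or from c/side's report), the following Python script scans a WordPress install for references to the wp3[.]xyz indicator and lists administrator accounts newest-first, which is where an unexpected rogue admin would surface. The directory layout, file names, the `script.js` path and the user records are constructed sample data, not details from the campaign.

```python
import re
import tempfile
from pathlib import Path

# Indicator named in the article (written defanged there as wp3[.]xyz).
# The pattern also matches the defanged form and the backslash-escaped form
# that appears inside JSON-encoded option values.
IOC_RE = re.compile(r"wp3\s*(?:\[\.\]|\\?\.)\s*xyz", re.IGNORECASE)
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm", ".sql", ".json"}

# Constructed user records, shaped like the output of a WordPress user listing.
SAMPLE_USERS = [
    {"user_login": "editor", "roles": ["editor"], "user_registered": "2023-05-01 10:00:00"},
    {"user_login": "siteadmin", "roles": ["administrator"], "user_registered": "2021-01-15 09:30:00"},
    {"user_login": "wpx_admin", "roles": ["administrator"], "user_registered": "2025-01-14 03:12:45"},
]

def scan_tree(root):
    """Return (relative_path, line_no, line) for every line that references the IoC domain."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(errors="replace")
        for n, line in enumerate(text.splitlines(), 1):
            if IOC_RE.search(line):
                hits.append((path.relative_to(root).as_posix(), n, line.strip()[:120]))
    return hits

def admin_accounts(users):
    """Return administrator accounts, newest registration first, for manual review."""
    admins = [u for u in users if "administrator" in u.get("roles", [])]
    return sorted(admins, key=lambda u: u["user_registered"], reverse=True)

def build_sample(root):
    """Write a constructed, harmless stand-in for an injected site tree (no real malware)."""
    root = Path(root)
    (root / "wp-content/plugins/legit").mkdir(parents=True)
    (root / "wp-content/plugins/legit/legit.php").write_text("<?php // harmless plugin\n")
    (root / "wp-content/themes/t").mkdir(parents=True)
    (root / "wp-content/themes/t/footer.php").write_text(
        '<?php wp_footer(); ?>\n<script src="https://wp3.xyz/script.js"></script>\n')
    # Database dump with the same reference inside a JSON-escaped option value.
    (root / "wp-options.sql").write_text(
        'INSERT INTO wp_options VALUES (\'x\',\'{"u":"https:\\/\\/wp3.xyz\\/script.js"}\');\n')

def demo():
    """Run both checks against the constructed sample and return (file_hits, admins)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits = scan_tree(tmp)
    return hits, admin_accounts(SAMPLE_USERS)

if __name__ == "__main__":
    for path, n, line in demo()[0]:
        print(f"{path}:{n}: {line}")
    for u in demo()[1]:
        print(f"admin {u['user_login']} registered {u['user_registered']}")
```

On a live site, point `scan_tree` at the document root and feed `admin_accounts` the output of the site's user listing; any hit on the domain or an administrator with an unfamiliar login or recent registration warrants investigation.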