Thousands of WordPress sites impacted by WP3.XYZ malware campaign
Malware, Threat Intelligence

More than 5,000 WordPress sites worldwide have been breached to facilitate admin account creation, malicious plugin injection, and data exfiltration as part of a novel attack campaign involving malware retrieved from the wp3[.]xyz domain, according to BleepingComputer.

On impacted websites, whose initial means of compromise remains uncertain, a script retrieved from the wp3[.]xyz domain established a deceptive admin account and then installed an information-stealing plugin targeting admin credentials, logs, and other sensitive details, according to a report from c/side, a webscript security firm.

Such findings should prompt website admins to use firewalls and other security systems to block the wp3[.]xyz domain. Researchers also urged admins to review privileged accounts and installed plugins for suspicious activity, and to fortify WordPress sites' cross-site request forgery defenses through server-side validation, unique token generation, and periodic regeneration. They also recommended implementing multi-factor authentication.
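
As a complement to blocking the domain, a site owner can check rendered pages for scripts that reference it. The following is an added example, not code from the c/side report or BleepingComputer; the function names and the sample page (including its paths) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicator from the article, kept defanged in source and refanged at load time.
BLOCKED = {d.replace("[.]", ".") for d in ["wp3[.]xyz"]}
_INLINE_RE = re.compile(
    r"(?<![a-z0-9-])(?:" + "|".join(map(re.escape, BLOCKED)) + r")(?![a-z0-9-])")

def is_blocked(host):
    """True if host is a blocked domain or any subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []      # (kind, detail) tuples
        self._inline = False    # True while inside a <script> without src

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = (dict(attrs).get("src") or "").strip()
        self._inline = not src
        # urlsplit covers absolute and protocol-relative ("//host/x.js") URLs
        if src and is_blocked(urlsplit(src).hostname):
            self.findings.append(("external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        # Inline script bodies are flagged for manual review on a domain match.
        if self._inline and _INLINE_RE.search(data.lower()):
            self.findings.append(("inline", data.strip()[:80]))

def audit_html(html):
    """Return (kind, detail) findings for one rendered page's HTML."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the paths are placeholders, not the campaign's URLs.
D = "wp3[.]xyz".replace("[.]", ".")
SAMPLE_HTML = f"""
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://{D}/example.js"></script>
<script src="//CDN.{D}/example.js"></script>
<script src="https://not{D}/example.js"></script>
<script>fetch("https://{D}/example");</script>
"""
```

Run `audit_html` over the HTML of each public page and admin view; an empty list means no script on that page references the blocked domain.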
