Threat Management, Malware, Network Security

Cookie monster: Researchers detect malware that steals cookies, hijacks WordPress sessions

Share

Sucuri researchers recently observed a malware attack that injected obfuscated code into a JavaScript file in order to steal web users' cookies and hijack their WordPress sessions.

According to a Sucuri blog post published on Tuesday, the malicious script – discovered during an incident response investigation – included the fake, malicious domain "code.wordprssapi[.]com", where users' cookie data was sent. (Note the missing "e" in "wordprssapi".) Hackers used a typosquatting strategy to create a domain that looked very similar to that a real, legitimate web service in order to go unnoticed by webmasters. (As it so happens, the properly spelled "code.wordpressapi[.]com" has nothing to do with WordPress either, Sucuri notes.)

Regardless of the legitimacy of the domain referenced in the script, the act of sending cookies to another domain is "always a red flag," Sucuri noted, because "Cookies contain a wealth of private information that should not be shared."

Cookie monster: Researchers detect malware that steals cookies, hijacks WordPress sessions

Sucuri researchers recently observed a malware attack that injected obfuscated code into a JavaScript file in order to steal web users' cookies and hijack their WordPress sessions.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.