• Huge cybercrime attack sees 390,000 WordPress websites hit, detai

    From TechnologyDaily@1337:1/100 to All on Monday, December 16, 2024 14:15:05
    Huge cybercrime attack sees 390,000 WordPress websites hit, details stolen

    Date:
    Mon, 16 Dec 2024 14:03:00 +0000

    Description:
    Along with WordPress websites, dozens of devices were also infected with cryptojackers.

    FULL STORY ======================================================================
    Researchers found a malicious package on NPM, uploaded a year ago. It was benign at first, and introduced malware later via an update. The malware stole hundreds of thousands of secrets and installed cryptojackers on dozens of computers.

    For roughly a year, hackers have been infecting red teamers, penetration testers, security researchers, as well as other hackers, with a piece of malware that steals WordPress credentials and other sensitive data, and installs cryptominers on compromised endpoints.

    As a result, login credentials for some 390,000 WordPress accounts were stolen, and dozens of systems were found mining Monero.

    Cybersecurity researchers Datadog Security Labs spotted the attack on the NPM package repository, and in GitHub, after researchers from Checkmarx also sounded the alarm on the same campaign recently.

    The package was pretending to be an XML-RPC implementation, and was first uploaded to the repository in October 2023. Until November 2024, when it was finally discovered as malicious, it received 16 updates.

    Legitimate at first

    Datadog noted how the attackers were tactical in their approach, first uploading a package that was legitimate and worked as intended. The malicious code was introduced in later versions, and was designed to steal SSH keys, bash history, and other data every 12 hours. The data it collected was exfiltrated via either Dropbox or File.io.

    To make matters worse, researchers and security pros who integrated the XML-RPC package into their own products would extend the reach of the malware further, turning it into a full-blown supply chain attack.
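    To turn the "legitimate first, malicious later" pattern described above into a concrete check, here is an added example in JavaScript; it is not code from the article, nor from Datadog's or Checkmarx's tooling. It diffs successive package.json manifests of one package and flags the changes that typically mark such a turn: a newly added or altered install-time lifecycle script, a new dependency, or a change in the maintainer list. The package name "example-xmlrpc-client", the manifests, the maintainer names and the version numbers are constructed for the example; in practice the manifests would be pulled from the registry's version metadata.

```javascript
// Lifecycle scripts that npm runs automatically during installation are the
// usual place for a payload that is added only in a later release.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Compare two package.json objects (previous release -> next release) and
// return a list of human-readable findings. An empty list means no red flags.
function diffManifests(prev, next) {
  const findings = [];
  const prevScripts = prev.scripts || {};
  const nextScripts = next.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (!(hook in prevScripts) && hook in nextScripts) {
      findings.push(`new install-time script "${hook}": ${nextScripts[hook]}`);
    } else if (hook in prevScripts && prevScripts[hook] !== nextScripts[hook]) {
      findings.push(`install-time script "${hook}" changed or removed`);
    }
  }
  const prevDeps = Object.keys(prev.dependencies || {});
  const nextDeps = Object.keys(next.dependencies || {});
  for (const dep of nextDeps) {
    if (!prevDeps.includes(dep)) findings.push(`new dependency "${dep}"`);
  }
  // A maintainer handover between releases deserves a look in a package
  // whose advertised functionality otherwise changed little.
  const prevMaint = (prev.maintainers || []).map((m) => m.name).sort().join(",");
  const nextMaint = (next.maintainers || []).map((m) => m.name).sort().join(",");
  if (prevMaint !== nextMaint) {
    findings.push(`maintainer list changed: [${prevMaint}] -> [${nextMaint}]`);
  }
  return findings;
}

// Walk a version history (oldest first) and report every release at which
// red flags appear, so a reviewer knows which version to inspect by hand.
function auditHistory(manifests) {
  const report = [];
  for (let i = 1; i < manifests.length; i++) {
    const findings = diffManifests(manifests[i - 1], manifests[i]);
    if (findings.length > 0) report.push({ version: manifests[i].version, findings });
  }
  return report;
}

// Constructed sample history for the hypothetical package "example-xmlrpc-client".
const SAMPLE_HISTORY = [
  { name: "example-xmlrpc-client", version: "1.0.0", scripts: { test: "node test.js" },
    dependencies: { xmlbuilder: "^15.0.0" }, maintainers: [{ name: "alice" }] },
  { name: "example-xmlrpc-client", version: "1.1.0", scripts: { test: "node test.js" },
    dependencies: { xmlbuilder: "^15.0.0" }, maintainers: [{ name: "alice" }] },
  // Later release: an install hook and a new dependency appear while the
  // advertised functionality is unchanged (the shape of a "turned" package).
  { name: "example-xmlrpc-client", version: "1.2.0",
    scripts: { test: "node test.js", postinstall: "node lib/setup.js" },
    dependencies: { xmlbuilder: "^15.0.0", "example-helper": "^0.1.0" },
    maintainers: [{ name: "alice" }] },
];

// Print the report for the constructed history.
for (const entry of auditHistory(SAMPLE_HISTORY)) {
  console.log(`version ${entry.version}:`);
  for (const finding of entry.findings) console.log(`  - ${finding}`);
}
```

    A clean diff does not prove a release is safe; the findings only tell a reviewer which release to read, and pinning versions in a lockfile keeps an update from being picked up before that review happens.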

    Datadog said that ultimately, the team found 68 compromised systems that were actively mining the Monero currency. Monero, with the XMR ticker, is most often mined with a cryptojacker called XMRig. It is a popular currency among thieves since it's fully anonymous and very difficult to trace.

    The identity of the threat actors was not discovered, but the researchers dubbed the group MUT-1224, which is short for Mysterious Unattributed Threat.

    Major code repositories remain a vital platform for cybercriminals, the researchers concluded, stressing that developers should be extra careful when using open-source software.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/huge-cybercrime-attack-sees-390-000-wordpress-websites-hit-details-stolen


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)