More than 5,000 WordPress sites worldwide have been breached to facilitate admin account creation, malicious plugin injection, and data exfiltration as part of a novel attack campaign involving malware retrieved from the wp3[.]xyz domain, according to BleepingComputer.

On impacted websites, whose initial means of compromise remains uncertain, a script retrieved from the wp3[.]xyz domain established a deceptive admin account and then installed an information-stealing plugin targeting admin credentials, logs, and other sensitive details, according to a report from c/side, a webscript security firm.

These findings should prompt website admins to use firewalls and other security systems to block the wp3[.]xyz domain. Admins have also been urged to evaluate privileged accounts and install plugins to address suspicious activity, as well as fortify WordPress sites' cross-site request forgery defenses through server-side validation, unique token generation, and periodic regeneration. The researchers also recommended that teams implement multi-factor authentication.
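As an added example (not from the c/side report or the original article), one way to carry out the recommended review of privileged accounts is to compare the current administrator list against an approved list and the date of the last review. The input shape assumes JSON exported with WP-CLI's `wp user list`; the account names, dates and the `audit_admins` helper are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape printed by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=json
SAMPLE_WP_CLI_JSON = """[
 {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
  "user_registered": "2021-03-02 09:15:44"},
 {"ID": 7, "user_login": "Editor-Ops", "user_email": "ops@example.com",
  "user_registered": "2023-11-20 17:02:10"},
 {"ID": 42, "user_login": "support_tmp", "user_email": "x@example.net",
  "user_registered": "2025-01-09 03:14:07"}
]"""


def audit_admins(wp_cli_json, approved_logins, last_review):
    """Return (login, reasons) for every administrator that needs review.

    approved_logins: logins the site owner expects to hold the admin role.
    last_review: aware datetime of the previous audit; newer admins are flagged.
    """
    # Assumption: logins are compared case-insensitively.
    approved = {name.lower() for name in approved_logins}
    findings = []
    for user in json.loads(wp_cli_json):
        login = user["user_login"]
        # WordPress stores user_registered in UTC as "YYYY-MM-DD HH:MM:SS".
        registered = datetime.strptime(
            user["user_registered"], "%Y-%m-%d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
        reasons = []
        if login.lower() not in approved:
            reasons.append("not on approved admin list")
        if registered > last_review:
            reasons.append("created after last review")
        if reasons:
            findings.append((login, reasons))
    return findings


if __name__ == "__main__":
    review = datetime(2024, 12, 1, tzinfo=timezone.utc)
    for login, reasons in audit_admins(
        SAMPLE_WP_CLI_JSON, ["siteowner", "editor-ops"], review
    ):
        print(f"REVIEW {login}: {', '.join(reasons)}")
```
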
Data Security
5,000 WordPress Sites Hit By WP3.XYZ Malware Campaign

More than 5,000 WordPress sites hit by WP3.XYZ malware campaign. (Adobe Stock)