1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unusual Wordpress attack steals login credentials

Discussion in 'CSO' started by RSS, May 12, 2015.

  1. RSS

    RSS New Member Member

    Wordpress, the Internet's favorite content management system, is a common target for criminals who redirect innocent users to malware download sites.

    But a new type of malware steals user login credentials instead, while leaving the rest of the user experience unchanged.

    "It's an interesting attack -- we haven't seen this before," said Michael Sutton, VP of Security Research at San Jose-based cloud security vendor Zscaler, Inc., which recently issued a report about the malware.

    "Wordpress tends to be a very common target for attacks," he said. "It's broadly used, but tends to be pretty insecure and not well maintained. Typically, they inject some code to redirect the browser to download malware on the machine to participate in some botnet."

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page