Although WannaCry, the massive worldwide ransomware attack, is the biggest story these days when it comes to cyber crime, it’s definitely not the only issue causing problems for sites right now.
Last week, website security leader Sucuri identified code that appears to be WordPress API-related, but is actually sending active cookie data to attackers. This is most problematic when the active user is a site admin because it gives someone the opportunity to create a new admin user, which can then be used to do considerable damage to a site and/or gain access to user data.
What makes the code somewhat tricky to spot is that it uses the domain “code.wordprssapi[.]com”. At a quick glance it seems like it could be real, but Sucuri recommends webmasters always check to make sure domains are legitimate, especially when sending data to or receiving data from third-party sites.
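One way to automate that domain check across theme and plugin files, as an added example that is not code from Sucuri or the original post: it extracts hostnames from markup and flags any that sit within one edit of a trusted brand name without belonging to an allowlisted domain. The allowlist, the brand list and the sample markup are assumptions constructed for illustration; only the defanged host comes from the page.

```python
import re

# Assumption: hosts this site legitimately loads WordPress assets from; tune per site.
TRUSTED = {"wordpress.org", "wordpress.com", "w.org", "wp.com"}
BRANDS = ("wordpress",)
HOST_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+\.[a-z]{2,})", re.I)

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_distance(label, brand):
    """Smallest edit distance between brand and any similar-length slice of label."""
    best = len(brand)
    for size in range(len(brand) - 1, len(brand) + 2):
        for start in range(max(1, len(label) - size + 1)):
            best = min(best, edit_distance(label[start:start + size], brand))
    return best

def suspicious_hosts(source):
    """Return sorted hosts that imitate a brand but are not on the allowlist."""
    hits = set()
    for host in HOST_RE.findall(source.replace("[.]", ".")):  # accept defanged input
        host = host.lower().strip(".")
        labels = host.split(".")
        registrable = ".".join(labels[-2:])  # naive; use the Public Suffix List in production
        if registrable in TRUSTED:
            continue
        if any(brand_distance(l, b) <= 1 for l in labels[:-1] for b in BRANDS):
            hits.add(host)
    return sorted(hits)

# Constructed sample markup; only the defanged host is taken from the page.
SAMPLE = '''
<script src="https://s.w.org/wp-includes/js/wp-emoji.js"></script>
<script src="//code.wordprssapi[.]com/j.js?v=1"></script>
<link href="https://fonts.googleapis.com/css?family=Lato" rel="stylesheet">
'''

if __name__ == "__main__":
    for h in suspicious_hosts(SAMPLE):
        print("review:", h)
```

A hit is a prompt for manual review rather than proof of compromise, since an unrelated domain can legitimately contain a brand name.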
For more information about this attack and ways to reduce the risks of introducing malware into your WordPress site, check out the following:
- “Malware Uses Fake WordPress API Domain to Steal Sensitive Cookies” – from Bleeping Computer (5/17/17)
- “Session Hijacking, Cookie-Stealing WordPress Malware Spotted” – from Threatpost (5/10/17)