Brute-Force Attacks Hit WordPress: Sucuri Reveals Threat

In recent times, cybercriminals have intensified their assaults on WordPress-based sites, employing a cunning method of infection. Sucuri, a company specializing in web security, has uncovered a new campaign aimed at script injection.

Previously, an unknown perpetrator used this method to infect sites with scripts that compromised cryptocurrency accounts. Visitors were persuaded to link their wallets to the site, leading to the immediate withdrawal of all assets.

However, since the end of February, the cybercriminals have shifted their tactics: their script now coerces visitors' browsers into conducting password brute-force attacks on WordPress platforms. This is carried out by a malicious script loaded from a new domain, at “dynamic-linx[.]com/chx.js”.

These scripts form a massive “army” for brute-forcing passwords, operating in an automated mode. Once a WordPress site is infected, the code embeds itself into its HTML templates. When such pages are visited, the browser loads the script, which then silently contacts a command server to receive its task.
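For site owners checking their own installation, the following added example (not from Sucuri or the original article) scans template files for `<script src>` tags that load from the domain named above. The file suffixes, function names and sample markup are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlsplit

# Indicator as published in the article (defanged); refanged only in memory.
IOCS_DEFANGED = ["dynamic-linx[.]com/chx.js"]
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
TEMPLATE_SUFFIXES = {".php", ".html", ".htm", ".tpl"}  # assumption, adjust per site

def refang(ioc):
    """'host[.]tld/path' -> 'host.tld'; compare by host so a renamed file still hits."""
    return ioc.replace("[.]", ".").lower().partition("/")[0]

def find_injected_scripts(text, iocs=IOCS_DEFANGED):
    """Return (line_number, src) for each <script src> loaded from an IoC host."""
    bad_hosts = [refang(i) for i in iocs]
    hits = []
    for m in SCRIPT_SRC.finditer(text):  # whole text, so multi-line tags match
        src = m.group(1)
        try:  # urlsplit only sees a host after a scheme or a leading //
            host = urlsplit(src if "//" in src else "//" + src).hostname or ""
        except ValueError:  # e.g. template placeholders that are not URLs
            continue
        if any(host == b or host.endswith("." + b) for b in bad_hosts):
            hits.append((text.count("\n", 0, m.start()) + 1, src))
    return hits

def scan_tree(root, iocs=IOCS_DEFANGED):
    """Scan template files under root; return {path: [(line, src), ...]}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in TEMPLATE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_injected_scripts(text, iocs)
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: a local script, an injected tag, and a lookalike host.
SAMPLE = """<head>
<script src="/wp-includes/js/jquery.js"></script>
<script async
  src='https://{bad}/chx.js'></script>
<script src="https://not{bad}/x.js"></script>
</head>""".format(bad=refang(IOCS_DEFANGED[0]))

if __name__ == "__main__":
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_injected_scripts(SAMPLE))
```

Matching on the parsed hostname rather than a substring keeps lookalike hosts and URLs that only mention the domain in a query string out of the results.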

The task contains parameters for the attack: ID, the website’s URL, account name, the number of the current batch of passwords to check, and a hundred passwords to attempt. Should the script succeed, it informs its operators.

According to Sucuri’s research, over 1,200 sites have been infected by these scripts, underscoring the campaign’s truly substantial scale.

Experts contend that the cybercriminals’ strategic pivot from stealing cryptocurrencies to brute-force attacks aims to expand their influence. That is, the criminals seek to increase the number of infected sites. This, presumably, will enable them to target crypto assets again in the future. Sucuri analysts believe that previous methods were abandoned due to their low efficiency and ease of detection, leading to the rapid blocking of domains.