Clipsa WordPress Malware Infects Blogs Globally

The Clipsa WordPress malware is a new global attack aimed at blogs powered by this content management system. At the moment there is no information about the perpetrators; however, we can conclude that they are very experienced. This WordPress virus will brute force the target sites and also deploy other malware such as a clipboard hijacker.




The Clipsa WordPress Malware Is Leveraged Against Blogs Worldwide

WordPress blog owners should be very cautious about their sites, as security reports indicate that a new WordPress-specific virus has been discovered. It is known as the Clipsa WordPress malware, and it will run a complex sequence of malicious actions as soon as the infection is made. At the moment the reported countries include the following: India, Bangladesh, the Philippines, Brazil, Pakistan, Spain, and Italy.

The main technique used to distribute it against the intended targets is brute force attacks. The virus will attempt to guess the account credentials of the site using this automated process; this can be done either by using dictionary-based wordlists or an algorithm.
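Site owners can look for this kind of credential guessing in their own web server access logs. The sketch below is an added example, not part of the original report: it assumes the Apache/nginx "combined" log format and the default WordPress behaviour where a failed POST to /wp-login.php returns 200 and a successful one redirects with 302. The log lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ip, sec, status):
    # Builds one constructed "combined"-format log line (not from a real incident).
    return (f'{ip} - - [12/Aug/2019:10:00:{sec:02d} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 3120 "-" "Mozilla/5.0"')

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, 200) for s in range(1, 9)]  # 8 failed logins in 8 s
    + [_line("203.0.113.7", 10, 302)]                    # then a redirect (login accepted)
    + [_line("198.51.100.4", 20, 200),                   # one mistyped password...
       _line("198.51.100.4", 40, 302)]                   # ...then a normal login
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after": bool}} for every IP with at
    least `threshold` failed wp-login.php POSTs inside a sliding `window`."""
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "200":  # assumed: login form re-rendered, i.e. failure
            recent = [t for t in failures[ip] if ts - t <= window] + [ts]
            failures[ip] = recent
            if len(recent) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(recent))
        elif m["status"] == "302" and ip in flagged:
            # A redirect after a burst of failures suggests a password was guessed.
            flagged[ip]["success_after"] = True
    return flagged

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An IP flagged with `success_after` set is the case to act on first: reset that account's password and review what was changed on the site after the redirect.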

As soon as the malware has breached the site it will look for wallet.dat files, the common data-bearing files used by cryptocurrency wallet software. If such a file is identified it will be immediately hijacked and sent to the hackers. This will allow them to withdraw funds and replace the incoming addresses. Effectively this means that transactions that are forwarded to this address can be replaced and sent to the criminals instead.


The malware sequence will also search any uploaded TXT files for strings in the BIP-39 format, which is used to store Bitcoin seed recovery phrases. In some cases they can serve as credentials for cryptocurrency wallets. If such strings are found, the values will be stored in a separate file and uploaded to a special server. A distinct process is the uploading of a clipboard hijacker, a malicious tool which will monitor the contents of the clipboard as it is entered by both the owners and the users. An automatic trigger can be set if a text pattern related to cryptocurrency is entered.

In some cases the Clipsa WordPress malware can deploy various cryptocurrency miners across the blog’s hosted pages. They can take the form of small-sized scripts that will activate as soon as the pages are opened. They are intended to download a sequence of malicious tasks that will place a heavy impact on the system’s performance.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
