Clipsa WordPress Malware Infects Blogs Globally

The Clipsa WordPress malware is a new global attack against blogs that are powered by this content management system. At the moment there is no information about the perpetrators; however, we can conclude that they are very experienced. This WordPress virus will brute force the target sites and also deploy other malware such as a clipboard hijacker.

The Clipsa WordPress Malware Is Leveraged Against Blogs Worldwide

WordPress blog owners should be very cautious about their sites, as security reports indicate that a new WordPress-specific virus has been discovered. It is known as the Clipsa WordPress malware, and it runs a complex sequence of malicious actions as soon as the infection is made. At the moment the countries most often reported include the following: India, Bangladesh, the Philippines, Brazil, Pakistan, Spain, and Italy.

The main technique used to distribute it against the intended targets is brute force attacks. The virus will attempt to guess the account credentials of the site using this automated process; this can be done either by using dictionary-based wordlists or an algorithm.

As soon as the malware has breached the site it will look for wallet.dat files, the common data-bearing files used by cryptocurrency wallet software. If such a file is identified it will be immediately hijacked and sent to the hackers. This will allow them to withdraw funds and replace the incoming addresses. Effectively this means that transactions that are forwarded to this address can be replaced and sent to the criminals instead.


The malware sequence will also search any uploaded TXT files for strings in the BIP-39 format, which is used to store Bitcoin seed recovery phrases. In some cases they can serve as credentials for cryptocurrency wallets. If such strings are found, the values will be stored in a separate file and uploaded to a special server. A distinct process is the uploading of a clipboard hijacker, a malicious tool which will monitor the contents of the clipboard as it is entered by both the owners and the users. An automatic trigger can be set if a text pattern related to cryptocurrency is entered.

In some cases the Clipsa WordPress malware can deploy various cryptocurrency miners across the blog's hosted pages. They can take the form of small scripts that activate as soon as the pages are opened. They are intended to download a sequence of malicious tasks that will place a heavy impact on the system's performance.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
