Crypto-mining Malware Hitting WordPress Websites Getting Critical

Back in Feb 2018, the cyber threats seem like they were over. But it is apparent that is is not. 

caution

We were first made aware of the crypto-mining malware that are hitting websites last year in 2017. Making waves against unprotected, or defenseless websites, this program was able to take over resources used by the websites to mine for digital currency.

On top of the reports by Sucuri that we mentioned in our previous coverage here, the security researcher Troy Mursch at Bad Packets Report also shared his findings over at his blog post here with updates and insights about the malware.

His post can be quite technical, so if you don;t want to get bored, you do not have to click through. The TL;DR is as follows:

He shared that about 50,000 websites were hit with the malware, and out of that about 7,400 of those websites were WordPress based.

Troy also indicated that some government and public service agencies were still running the digital mining malware on their websites, along with several legitimate websites (not the phishing kind). Of course they were not running these malware voluntarily, it could be that they are not even aware that they were breached.

What else could have caused the breaches?

Here are a few ways that your WordPress website could have been accessed by the malware:

  1. Not updating the core WordPress software
  2. Not updating the WordPress plugins that were used in the website
  3. Keeping old themes that are used on WordPress websites, and not updating them.

How can CTARe help?

Simple: let us manage it for you. Our managed IT solution not only helps you in your IT administration, we also provide backups, and cyber security for your workstations, servers, and website.

Just looking at just website security? Look at our managed website security here.

And to help you out with your website updates, backups, and performance optimizations, uptime monitoring; be sure to have a look at our website care solution over here. We already bundled in website security into these plans. We got your back!