Crypto malware attacks on WordPress and airports

By Alfredo de Candia - 18 Oct 2019

Recently, several security teams have had to deal with crypto mining malware attacks, which were detected both in a WordPress plugin and at a European airport.

As far as the airport malware is concerned, the Cyberbit team found it directly on site during a security check. Using their EDR (Endpoint Detection and Response), the team found that more than 50% of the PCs had been infected with crypto malware.

According to the report, the offending file, player.exe, launched by the PAExec tool, made it possible to access computers remotely and then take control of them to install mining software.

As reported by the team, all the machines had standard antivirus protection installed and were therefore, in theory, supposed to be protected from this type of attack. That was not the case, because malware is also updated and finds different ways to access PCs, bypassing traditional antivirus protection.
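The gap described above, between matching known files and watching behaviour, shown as an added example that is not from Cyberbit's report or the original article. The hash list, host names, paths and record fields are constructed, and the behaviour rule is an assumption: it flags any process whose parent is PAExec.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed sample data: contents, hosts and paths are illustrative only.
# The "signature" database knows one miner build; PC-02 runs a rebuilt copy.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"miner-build-1").hexdigest()}

EVENTS = [  # simplified process-creation records (field names are assumptions)
    {"host": "PC-01", "parent": r"C:\Windows\PAExec-4412-ADMIN01.exe",
     "image": r"C:\Users\Public\player.exe", "content": b"miner-build-1"},
    {"host": "PC-02", "parent": r"C:\Windows\paexec.exe",
     "image": r"C:\Users\Public\player.exe", "content": b"miner-build-2"},
    {"host": "PC-03", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Media\player.exe", "content": b"legit-player"},
    {"host": "PC-04", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "content": b"svchost"},
]

def signature_hit(event):
    """Traditional check: is the file's hash on the known-bad list?"""
    return hashlib.sha256(event["content"]).hexdigest() in KNOWN_BAD_SHA256

def behaviour_hit(event):
    """Behaviour check: was the process started by a PAExec binary?
    This is a lead for review, not a verdict: admins also use PAExec."""
    parent = PureWindowsPath(event["parent"]).name.lower()
    return parent.startswith("paexec")

def triage(events):
    """Compare both checks per host and report what signatures missed."""
    hosts = {e["host"] for e in events}
    by_signature = {e["host"] for e in events if signature_hit(e)}
    by_behaviour = {e["host"] for e in events if behaviour_hit(e)}
    return {
        "signature": sorted(by_signature),
        "behaviour": sorted(by_behaviour),
        "missed_by_signature": sorted(by_behaviour - by_signature),
        "share_flagged": len(by_behaviour) / len(hosts),
    }

if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key}: {value}")
```

The legitimate player.exe on PC-03 is not flagged by either check, because the rule keys on the parent process rather than the file name.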

Crypto malware: WordPress also under attack

A similar approach has also been used to place crypto malware within a WordPress plugin. Via a website that contained this compromised plugin, wpframework, hackers were able to access the PCs where this WordPress plugin was installed, through a backdoor.

It is interesting to note that the plugin itself contained legitimate information, but the real crypto malware resided in its code, which, with the appropriate commands, was able to bypass the system and install a bitcoin mining system.

Crypto malware can be hidden in unexpected places: only recently, malware that mines Monero was discovered inside an audio file, and even an advanced system like an airport can't escape this kind of attack. But it could have been even worse, as happened in recent months in Baltimore, where the malware in question, ransomware, partially blocked the city.

Alfredo de Candia
Android developer for over 8 years with a dozen developed apps. At age 21, Alfredo climbed Mount Fuji, following the saying: "He who climbs Mount Fuji once in his life is a wise man; he who climbs it twice is crazy". Among his apps are a Japanese database, a spam and virus database, the most complete database of Anime and Manga series birthdays and a shitcoin database. A Sunday miner, Alfredo has a passion for crypto and is a fan of EOS.
