Unusual WordPress attack steals login credentials

WordPress, the Internet’s favorite content management system, is a common target for criminals who redirect innocent users to malware download sites.

But a new type of malware steals user login credentials instead, while leaving the rest of the user experience unchanged.

“It’s an interesting attack — we haven’t seen this before,” said Michael Sutton, VP of Security Research at San Jose-based cloud security vendor Zscaler, Inc., which recently issued a report about the malware.

“WordPress tends to be a very common target for attacks,” he said. “It’s broadly used, but tends to be pretty insecure and not well maintained. Typically, they inject some code to redirect the browser to download malware on the machine to participate in some botnet.”

To read this article in full or to leave a comment, please click here

Read more: Unusual WordPress attack steals login credentials

Story added 12. May 2015, content source with full text you can find at link above.