Malware Uses Fake WordPress API Domain to Steal Sensitive Cookies

17May - by Pax_tan - 0 - In News

Security researchers from Sucuri have found hacked WordPress sites that were altered to secretly siphon off cookies for user and admin accounts to a rogue domain imitating the WordPress API.

Chrome Bug Allows Sites to Record Audio and Video Without a Visual Indicator Ran Bar-Zik, a web developer at AOL, has discovered and reported a bug in Google Chrome that allows websites to record audio and video without showing a visual indicator.The bug is not as bad as it sounds, as the malicious website still needs to get the user's permission to a...

The attacker was sending stolen cookies to code.wordprssapi[.]com, a domain that was imitating a non-existent WordPress service.

Sucuri's Cesar Anjos says he found this malware during an incident response, hidden at the bottom of legitimate JavaScript files.

JavaScript malware designed to steal cookies

The malware's purpose was to steal cookies and send it to the official-looking domain whenever a user accessed the site and loaded the JavaScript code.

The target of this malware seems to be administrator accounts, and not regular users, who usually don't have accounts on the site, and their cookies are typically barren of any useful data.

On the other hand, the cookie files for site administrators contain data that can be used to mimic the admin without needing to know the site password. This type of attack, named session hijacking, would allow the attacker to access the site's backend, where he can then create a new admin user for himself.

A Hacker wants to Hack you before someone else does Dubbed Hajime, the latest IoT botnet malware, used by the hacker, has already infected at least 10,000 home routers, Internet-connected cameras, and other smart devices.But reportedly, it's an attempt to wrestle their control from Mirai and other malicious threats.Mirai ...

Sucuri experts did not say how this code was loaded on the hacked site, but the WordPress CMS ecosystem is known to be quite insecure, thanks to a plethora of outdated themes and plugins. WordPress users that use old themes and plugins unwittingly expose their site to all sorts of vulnerabilities that can allow hackers to take control of their site, or as in this case, gain an initial foothold to carry out more complex attacks.

While the WordPress team cannot force theme and plugin developers to keep their code up-to-date at all times, they do show warnings on the WordPress Plugins repo whenever users are trying to install outdated plugins.

WordPress launches bug bounty program

Furthermore, yesterday, the WordPress team launched an official bug bounty program on the HackerOne platform.

The bug bounty program is now open to everyone, after the WordPress team ran it in private for a few months, during which time they awarded rewards of $3,700 to bug reporters.

The program covers all official projects such as WordPress, BuddyPress, bbPress, GlotPress, and WP-CLI, as well as all official sites including,,,, and

Leave a Reply

Your email address will not be published. Required fields are marked *