Security News > 2024 > March > Hacked WordPress sites use visitors' browsers to hack other sites
Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites.
They then hack X accounts, create YouTube videos, or take out Google and X advertisements to promote the sites and steal visitor's cryptocurrency.
Sucuri researchers reported that the threat actors were breaching compromised WordPress sites to inject the AngelDrainer wallet drainer in multiple waves from multiple URLs, the last being 'dynamiclink[.
In late February, the threat actor switched from wallet draining to hijacking visitors' browsers to bruteforce other WordPress sites.
According to a new report from Sucuri, the threat actor is using compromised WordPress sites to load scripts that force visitors' browsers to conduct bruteforce attacks for account credentials on other websites.
According to the HTML source code search engine PublicHTML, there are currently over 1,700 sites hacked with these scripts or their loaders, providing a massive pool of users who will be unwittingly conscripted into this distributed bruteforce army.