Hackers have recently targeted thousands of WordPress websites, deploying sneaky crypto drainers to steal cryptocurrency from unsuspecting visitors.
These cybercriminals have allegedly attacked approximately 2,000 WordPress sites, using fake NFT and discount pop-ups to bait users into linking their digital wallets. Once linked, these wallets become vulnerable to crypto drainers, automatically draining funds from the accounts.
Based on initial reports, the hackers had compromised around 1,000 WordPress sites. They spread their malicious crypto drainers through malvertising and YouTube videos. However, when the initial campaign did not achieve the desired outcome, they switched tactics and deployed new scripts on compromised sites to brute-force admin passwords on other websites.
This network of over 1,700 sites, including high-profile targets like Ecuador’s Association of Private Banks website, has allowed the threat actors to create a larger pool of sites for future monetisation.
The hackers have already infected thousands of websites with ads laden with crypto drainers.
The operators of the crypto drainers have shifted their focus to monetising their pool of infected sites. They use them to display deceptive pop-ups advertising fake NFT offers and crypto discounts.
Although it is uncertain how many of these hacked sites currently show these malicious pop-ups, a recent study reveals that over 2,000 compromised websites have loaded the harmful scripts in the past weeks.
Researchers explained that these malicious scripts originate from a domain called dynamic-linx[.]com, a URL the initial researchers had previously identified. These scripts check for a specific cookie and, if it is missing, inject malicious code into the webpage.
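A site owner can check rendered pages for script tags that pull from that domain. The Python sketch below is an added example, not code from the researchers or the campaign; only the domain comes from the article, while the sample HTML, file names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# IoC domain from the article, kept defanged in source and re-fanged for matching.
IOC_DOMAINS = {"dynamic-linx[.]com".replace("[.]", ".")}

def host_matches(host):
    """True if host is an IoC domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

class ScriptAudit(HTMLParser):
    """Collects script tags whose src or inline body references an IoC domain."""
    def __init__(self):
        super().__init__()
        self.hits, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = (dict(attrs).get("src") or "").strip()
        # urlsplit resolves the host for absolute and protocol-relative URLs.
        if src and host_matches(urlsplit(src).hostname):
            self.hits.append(("external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline loaders assemble the URL in JavaScript, so use a substring check.
        if self._in_script and any(d in data.lower() for d in IOC_DOMAINS):
            self.hits.append(("inline", data.strip()[:80]))

def audit_html(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.hits

# Constructed sample page (file names and the other hosts are made up).
SAMPLE = """<html><head>
<script src="https://cdn.example.org/jquery.js"></script>
<script src="//dynamic-linx[.]com/loader.js" async></script>
<script>var u = "https://static.dynamic-linx[.]com/x.js"; load(u);</script>
<script src="https://notdynamic-linx[.]com/ok.js"></script>
</head></html>""".replace("[.]", ".")

if __name__ == "__main__":
    print(audit_html(SAMPLE))
```

The host comparison is exact or subdomain-based, so a look-alike such as the fourth sample tag is not flagged by its src; the inline check is a plain substring match and should be treated as a lead to review by hand.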
Subsequently, victims will be flooded with pop-ups prompting them to connect their wallets for promising NFTs or discounts. Clicking on these prompts steals all funds and NFTs in the linked account.
Various cybersecurity researchers have issued warnings about visiting these infected websites; hence, users must remain vigilant.
Cybercriminals constantly evolve or shift their tactics, exploiting even well-known and trusted platforms. To protect digital assets from these threats, users must connect wallets only to reputable platforms and refrain from interacting with unexpected pop-ups, especially if their topics are irrelevant to the website.
By staying vigilant, users can safeguard themselves from falling victim to crypto drainers and other cyber threats.