New Windows malware can also brute-force WordPress websites

silversurfer

A new malware strain named Clipsa has been making the rounds for the past year, infecting users from all over the world.

What stands out about this new threat is that besides classic malware features -- such as the ability to steal cryptocurrency wallet files, install a cryptocurrency miner, and hijack the user's clipboard to replace cryptocurrency addresses -- Clipsa also includes a somewhat strange feature that allows it to launch brute-force attacks against WordPress websites.

This behavior is strange, mainly because most brute-force attacks against WordPress sites are carried out by botnets of infected servers or IoT devices.
Seeing desktop malware launch brute-force attacks on WordPress sites isn't novel, but it's strange and extremely rare.

"While we cannot say for sure, we believe the bad actors behind Clipsa steal further data from the breached [WordPress] sites," said Avast malware researcher Jan Rubín, in a technical deep dive into Clipsa's features he published earlier this week.
"We also suspect they use the infected [WordPress] sites as secondary C&C servers to host download links for miners, or to upload and store stolen data," he said.
Read more below:
 
