A security breach, believed to be the work of a cybercrime group based in Europe, compromised WordPress sites by using sets of administrator logins to upload malware. The malware was uploaded to the companies' actual sites and also infected the clients that visited those sites. The hackers essentially compromised computers, created a private cloud on the infected PCs, and offered a complex, paid proxying service to other cybercrime groups. The main targets of this attack were financial accounts and online banking information, and the operation also gave the hackers a range of routes for further monetization of infected computers. According to researchers at Proofpoint, the botnet used by the cybercrime group has stolen confidential information from nearly 800,000 accounts. Around 59% of the credentials were from five of the largest banking institutions in the United States.
The team at Proofpoint has released an analysis of this 500,000-strong botnet.