Imitation WordPressAPI Site Stealing Cookies
A website masquerading as a legitimate core WordPress API domain recently discovered by a security firm contained malicious code designed to collect visitors’ cookies and use them to hijack user sessions on legitimate websites. The domain name of the malicious site included a minor misspelling of “WordPressAPI” to evade detection and fool webmasters into thinking it was an official WordPress domain. The NJCCIC recommends administrators of affected WordPress websites perform a core file integrity checkand clean their sites. Checking the spelling and legitimacy of domain names when auditing code can help prevent unauthorized third-parties from obtaining site visitors’ sensitive data.