More than 2,000 WordPress websites are infected with a keylogger
Malicious script logs passwords and just about anything else admins or visitors type.
By Dan Goodin
More than 2,000 websites running the open source WordPress content management system are infected with malware, researchers warned late last week. The malware in question logs passwords and just about anything else an administrator or visitor types.
The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that's surreptitiously run on the computers of people visiting the infected sites. Data provided by website search service PublicWWW showed that, as of Monday afternoon, the package was running on 2,092 sites.