Keylogger Found On Nearly 5,500 WordPress Sites (bleepingcomputer.com)
An anonymous reader writes: Nearly 5,500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner. The malicious script is being loaded from the "cloudflare.solutions" domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field. The script is included on both the sites' frontends and backends, meaning it can steal both admin account credentials and credit card data from WP sites running e-commerce stores. According to site source code search engine PublicWWW, there are 5,496 sites running this keylogger. The attacker has been active since April.
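An added example, not part of the submission or the linked article: one way a site owner could audit rendered pages (frontend and wp-admin alike) for scripts tied to the domain named above without flagging the genuine cloudflare.com CDN. The sample page, the `placeholder.js` path and the names `host_matches`, `ScriptAudit` and `audit_page` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BAD_DOMAIN = "cloudflare.solutions"  # domain named in the story

# Constructed sample page (placeholder paths), not captured from a real site.
SAMPLE = """<html><head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//cloudflare.solutions/placeholder.js"></script>
<script>var s=document.createElement('script');s.src='https://CloudFlare.solutions/placeholder.js';</script>
<script src="/wp-includes/js/jquery/jquery.js"></script>
</head></html>"""

def host_matches(host, domain=BAD_DOMAIN):
    """True for the domain or a subdomain of it, never for lookalike suffixes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class ScriptAudit(HTMLParser):
    """Collects external script URLs and inline script bodies from one page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src.strip())
            self._in_script = not src  # an inline body only follows without src

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data.strip())

def audit_page(html):
    """Return (kind, detail) findings for scripts tied to BAD_DOMAIN."""
    parser = ScriptAudit()
    parser.feed(html)
    # urlsplit also resolves protocol-relative URLs such as //host/path
    findings = [("external", s) for s in parser.external
                if host_matches(urlsplit(s).hostname)]
    findings += [("inline", b[:60]) for b in parser.inline
                 if BAD_DOMAIN in b.lower()]
    return findings
```

Calling `audit_page(SAMPLE)` reports the protocol-relative include and the inline loader, and leaves the cdnjs.cloudflare.com and local jQuery includes alone.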
Some of the most popular extensions are those that help prevent JavaScript from being used maliciously, and these kinds of extensions were among the ones to suffer the worst breakage, due to being so intricately tied to the operation of the browser.
Regarding ads:
uBlock Origin - was WebExtension compatible in advance, well before the release of FF57 (I use that one)
uBlock - was WebExtension compatible in advance, well before the release of FF57
AdBlock Plus - was WebExtension compatible in advance, well before the release of FF57
Regarding trackers:
FSF's Privacy Badger - was WebExtension compatible in advance, well before the release of FF57 (I use that one)
Regarding script blocking:
uMatrix - was WebExtension compatible in advance, well before the release of FF57
NoScript - well, Giorgio Maone was a tiny bit in a hurry, but still managed to make it compatible within a couple of days after the release of FF57. Still kudos to him for having managed it. (I use that one)
etc.
Well, what was your point?
Yup, maybe that weird specific not widely known extension that 3 other people besides you use, and which its authors have abandoned for the last 10 years, maybe that extension broke for you in FF57.
Meanwhile, all the major security extensions were transitioned more or less on time. Partly on the grounds of Mozilla crew members closely collaborating with extension authors, to make sure that their WebExtensions interface provides all the necessary APIs to make the functionality possible.
So I would suggest that you stop bitching about the change of API by spitting the same copy-pasta whining on each remotely relevant /. news story, and instead spend your time and effort switching to extensions with a tiny bit more active developers and a little bit more active community than whatever rare precious gem you were using up until now.
While there have been efforts to port some of these extensions to Firefox's new WebExtensions model, in some cases it has proven to be impossible to replicate the existing functionality because WebExtensions is so, for a lack of a better word, crippled.
Which is why Mozilla devs have actively reached out to authors of popular XUL extensions to see how they could make them still work once transitioning to the WebExtensions API.
All the major security extensions worth mentioning have more or less finished transitioning, despite some of them not working on Google's Chrome spin of WebExtensions.
So I'm now wondering how many Firefox users are now browsing without any kind of protection from malicious JavaScript code. I'm thinking it could be a far higher number than we might expect
I'm thinking it's only the stupider ones among them like you, who can't even put some thought into the selection of security tools they'll use.
Next time, pick an extension with an author that is still alive and a number of users which exceeds your direct family.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]