WordPress reports a brute force attack to gain access to different blogs and be able to mine, through software, the Monero cryptocurrency and they are made with a total of 217 XMR.

This week WordPress has suffered a brute force attack with the intention of obtaining administrator passwords on different websites and integrating a software that mining Monero. According to the Wordfence report, 190.000 attacks per hour have been detected on different websites, being the most important attack on WordPress since 2012. The attack began last Monday.

Wordfence stated that the attack had to do with a leaked file on Reddit and GitHub, with 1.400 million user and password combinations. Research has shown that it is due to 'a combination of common and heuristic password lists, based on the domain name and the contents of the attacking site'. The brute force attack is based on combining passwords or phrases with the intention of hitting the target. The leaked database could have helped reduce the workload of attackers. With access the attackers install mining software for Monero and in turn use the site to carry out brute force attacks.

The infected website (s) do not do both, they are either used to mine Monero or they are used to attack other portals. Based on the two Monero wallets found for this trade, the Wordfence team says that 217 XMRs have been mined, which would be worth around $ 100.000. This is in addition to malware attacks like Loapi, web miners like CoinHive, which are flooding the network. These attacks and infections will be stopped and controlled over time, but now they are a risk for users, who must be careful not to damage their systems with these malware.