In a blog post by Securi, it has been found that 5,482 WordPress websites infected with a keylogger. The malware, hiding as "cloudflare.solutions" was a part of a larger infection that injected a fake jQuery and Google Analytics script that was in reality a CoinHive cryptocurrency miner.
If anyone has a WordPress site, you should head over to Securi's blog to see how to find and remove the malware. And I'll be the one to say it, this is just another way that mining is screwing people over.
Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack). Don’t forget to check your site for other infections too. Many sites with the cloudflare.solutions malware also have injected coinhive cryptocurrency miner scripts.
If anyone has a WordPress site, you should head over to Securi's blog to see how to find and remove the malware. And I'll be the one to say it, this is just another way that mining is screwing people over.
Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack). Don’t forget to check your site for other infections too. Many sites with the cloudflare.solutions malware also have injected coinhive cryptocurrency miner scripts.