Abuse.ch cybersecurity experts: Corporate web proxy operators should block outgoing network traffic towards api.telegram.org. Until now, the malware exploited FTP or SMTP.
Wordfence: WooCommerce Abandoned Cart WordPress plugin is vulnerable to XSS cyber attacks
According to Hacker Combat, when a vulnerable version of the WooCommerce Abandoned Cart plugin is installed, an attacker can insert malicious code through the shopping cart's field itself. A script containing the instructions then downloads backdoor programs using a specially crafted bit.ly link created by the cyber criminals. The first backdoor creates a new admin account in the system; its default username and password are hard-coded in the script. The second backdoor script scans the WordPress system for any disabled plugin and overwrites it with its own code, duplicating itself in the system to serve as a second way to re-infect the system once the backdoors are discovered.
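A check for the two persistence mechanisms described above, as an added example that is not code from the article or from Wordfence. It assumes the site owner has a known-good hash baseline for each plugin plus exported lists of inactive plugin slugs and admin logins; all function names, slugs and logins are hypothetical.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Return {relative_path: sha256 hex digest} for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit_inactive_plugins(plugins_dir, inactive, baseline):
    """Diff inactive plugins against baseline {slug: {path: sha256}}; return findings."""
    findings = []
    for slug in inactive:
        current = hash_tree(os.path.join(plugins_dir, slug))
        known = baseline.get(slug, {})
        for path, digest in current.items():
            if path not in known:
                findings.append((slug, path, "unexpected file"))
            elif known[path] != digest:
                findings.append((slug, path, "content changed"))
        for path in known.keys() - current.keys():
            findings.append((slug, path, "missing file"))
    return sorted(findings)

def unexpected_admins(admin_logins, approved):
    """Admin accounts that are not on the approved list (assumed to be maintained by the owner)."""
    return sorted(set(admin_logins) - set(approved))

def demo():
    """Constructed sample: an inactive plugin whose main file is overwritten after the baseline."""
    with tempfile.TemporaryDirectory() as plugins_dir:
        root = os.path.join(plugins_dir, "sample-plugin")  # hypothetical slug
        os.makedirs(root)
        main = os.path.join(root, "sample-plugin.php")
        with open(main, "w") as fh:
            fh.write("<?php /* original plugin code */")
        baseline = {"sample-plugin": hash_tree(root)}
        with open(main, "w") as fh:
            fh.write("<?php /* constructed placeholder for overwritten content */")
        return audit_inactive_plugins(plugins_dir, ["sample-plugin"], baseline)

if __name__ == "__main__":
    print(demo())
    print(unexpected_admins(["alice", "sample-unknown-admin"], ["alice"]))
```

Record the baseline from a clean copy of each plugin and store it off the web server, so that a compromise of the site cannot rewrite it.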