The investigators reported that hackers change their tactic again. The scripts are still doing mining thanks to the visitors of compromised sites. Besides, the features of keyloggers are already used in their strategy.
First of all, attackers are interested in sites managed by WordPress, which are the main target of this team. Criminals compromise resources in any way they want, and then conceal their scripts, for example, in the functions.php file.
The experts emphasized that malicious scripts are downloaded both on the frontend and on the backend of sites, that is, they are able to capture logins and passwords that users type when logging into admin panel. On the frontend, scripts usually steal information intended for comments. After all, WordPress remain to be the basis for many online stores. This means that the numbers of bank cards and other personal data of users are at a great risk.
According to PublicWWW, these malicious scripts now penetrate into 5496 resources (Alexa admitted that these sites are among 200 000 of the most popular ones).