Threat actors behind the campaign have deployed brute-force attacks to infiltrate WordPress sites before exploiting HTML widgets and the Simple Custom CSS and JSS plugin to facilitate Sign1 malware injection.
Article Link: Thousands of WordPress sites impacted by Sign1 malware campaign | SC Media