Don't Hack Me

How I got the virus removed

When a hacker has access to one site, they can use it to access the rest so my host took action fast to ensure that the malicious files were contained. That means disabling access to all of my sites on the server, including Blogging Wizard. It's true that I do have a security plugin installed but it's also true that no security plugin will be able to offer complete protection.

I was hacked? What?

Additional Resources

Now that I've got AVG monitoring setup and access to their team, I can rest easier but the truth is that there are always other ways to improve WordPress security. AVG have a tool called SiteCheck which is a free malware scanner, it's not as good as the paid server-side scanner but it's a great option to get started with. Security plugins help but they can't cover every angle.

Haskers Gang's ZingoStealer

A new information-stealing malware, called ZingoStealer, has been identified. It possesses powerful data-stealing features and the ability to load additional payloads. Further, the info-stealer can mine Monero cryptocurrency. Soon after researchers from Cisco Talos discovered the offering, ZingoStealer changed hands and was transferred to another threat actor who is now believed to be undertaking further development efforts.

I was hacked? What?

When a hacker has access to one site, they can use it to access the rest so my host took action fast to ensure that the malicious files were contained. That means disabling access to all of my sites on the server, including Blogging Wizard. It’s true that I do have a security plugin installed but it's also true that no security plugin will be able to offer complete protection.

How I got the virus removed

Open your Windows Security settings. Select Virus & threat protection > Scan options. Select Windows Defender Offline scan, and then select Scan now. The Windows Defender Offline scan takes about 15 minutes to run, and then your PC will restart. View the results of your scan Open your Windows Security settings. Select Virus & threat protection > Protection history.

Additional resources

Over to you

Security matters. You don’t have to be an expert, there are plenty of resources like those listed above which you can use to secure your blog and rest easier. Nothing will ever be 100% secure but you need to be as prepared as possible. If anything happens there are great folks that do this work freelance or the awesome teams at companies like Sucuri who you can go to.

QR Codes Abused for Qshing Attacks

Almost two decades after they were developed, the prevalence and usage of quick response (QR) codes have expanded far beyond their original scope. While many uses are legitimate, threat actors also leverage the technology for malicious purposes.