Keylogger Found on Nearly 5,500 Infected WordPress Sites
Found on Bleeping Computer on Thursday, 07 December 2017
The malicious script is being loaded from the "cloudflare.solutions" domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field.
The script is also dangerous when left to run on the frontend. While on most WordPress sites the only place it could steal user data is from comment fields, some WordPress sites are configured to run as online stores. In these instances, attackers can log credit card data and personal user details.
It does not appear to be much different than those other plugins which send all your interaction to remote servers, so some marketing companies can replay your browser session,
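A site owner can check rendered pages for the script described above by listing every external `<script>` source and flagging any that resolve to the "cloudflare.solutions" domain. The following is an added example, not code from the article. The sample HTML, the `example.js` path, `cdn.example.org` and `shop.example.com` are constructed for illustration; only the blocked domain comes from the page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article; it is not affiliated with Cloudflare.
BLOCKED_DOMAINS = {"cloudflare.solutions"}

class ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Record the src of every <script> tag; inline scripts have none.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def script_host(src):
    """Host of a script URL (protocol-relative included), None for local paths."""
    host = urlparse(src).hostname
    return host.lower().rstrip(".") if host else None

def is_blocked(host):
    # Match the domain itself and any subdomain, but not lookalike suffixes.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def audit_page(html, own_hosts):
    """Return (blocked, third_party) script URLs found in the HTML."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    blocked, third_party = [], []
    for src in collector.sources:
        host = script_host(src)
        if host is None or host in own_hosts:
            continue  # same-site script
        (blocked if is_blocked(host) else third_party).append(src)
    return blocked, third_party

# Constructed sample page (paths and hosts are made up for this example).
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="//cloudflare.solutions/ajax/libs/example/example.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
</head><body><form><input name="comment"></form></body></html>
"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML, own_hosts={"shop.example.com"}))
```

The second list it returns is the set of remaining third-party script sources, which is worth reviewing on checkout and login pages where form input is sensitive.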