Session Hijacking, Cookie-Stealing WordPress Malware Spotted Posted on May 11, 2017 by Simon Steed Researchers spotted a strain of cookie stealing malware, injected into a legitimate JavaScript file, masquerading as a WordPress core domain.