Thursday, February 27, 2025
Follow us On Linkedin
HomeMalwareBuggy Malware Attack on Wordpress Websites by Exploiting Newly Discovered Theme...

Buggy Malware Attack on WordPress Websites by Exploiting Newly Discovered Theme & Plugin Vulnerabilities

MalwareWordpress

Published on

By Balaji
buggy malware

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Researchers discovered an ongoing buggy malware campaign that attempts to exploit the newly discovered vulnerabilities resides in the WordPress theme and plugin.

Cybercriminals are always curious about developing the exploits soon after the new vulnerabilities found in wide particularly sites that running under WordPress.

Attackers are cleverly changing the new domains every week by slightly modifying the obfuscation of their malicious script and evade the detection from the security implementation.

Denis Sinegubko, a security researcher from Sucuri uncovered that the attackers initiate the malware campaign from following new domains which were created between 19-21 September.

dns.createrelativechanging[.]com 
bes.belaterbewasthere[.]com 

There are different types of obfuscation methods used by attackers in the new wave of a malware campaign nad is using the code infection technique to implant the malicious script into the targeted websites.

Researchers have roughly collected nearly 89 sites with this buggy code indexed by PublicWWW.

Latest Injections

New research found a malicious script from one of the infected websites has tried to exploit the Rich Reviews plugin.

According to Sucuri research” we find a more elaborate obfuscation method that uses random variable names and comments inside the character code array. “

Another obfuscation method, an injection script executes an XSS exploit code for logged in users that attempts to change the site URL and home options.

“These two types of obfuscation were clearly not enough for the bad actors, however. researchers also noticed a number of other obfuscation methods used in this new wave of campaign.”

Researchers clarified that the bug in the Javascript code isn’t working doesn’t mean that webmasters should ignore this threat, but it is a clear indication of those sites are vulnerable for future attacks and not attempt most likely be successful.

If you find any sign in your WordPress site that infected with malware, you need to immediately clean it and harden the site to prevent future attacks.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Android

Google’s SafetyCore App Secretly Scans All Photos on Android Devices

Recent revelations about Google’s SafetyCore app have ignited a firestorm of privacy debates, echoing...
Apple

New “nRootTag” Attack Turns 1.5 Billion iPhones into Free Tracking Tools

Security researchers have uncovered a novel Bluetooth tracking vulnerability in Apple’s Find My network...
Cyber Security News

Authorities Arrested Hacker Behind 90 Major Data Breaches Worldwide

Cybersecurity firm Group-IB, alongside the Royal Thai Police and Singapore Police Force, announced the...
Cisco

Cisco Nexus Vulnerability Allows Attackers to Inject Malicious Commands

Cisco Systems has issued a critical security advisory for a newly disclosed command injection...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

APT

Ghostwriter Malware Targets Government Organizations with Weaponized XLS File

A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group...
cyber security

Threat Actors Using Ephemeral Port 60102 for Covert Malware Communications

Recent cybersecurity investigations have uncovered a sophisticated technique employed by threat actors to evade...
cyber security

Poseidon Mac Malware Hiding Within PKG Files to Evade Detections

A recent discovery by cybersecurity researchers has revealed that the Poseidon malware, a macOS-targeting...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved