Monday, November 25, 2024
HomeBackdoorNew Malware Attack Targeting 60 Million Wordpress Websites to add Backdoor &...

New Malware Attack Targeting 60 Million WordPress Websites to add Backdoor & Exploit Plugins Vulnerability

Published on

Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites to infect with backdoor and exploiting the various WordPress plugins vulnerabilities.

According to WordPress, there are nearly 60 million Websites power by WordPress content management system and hundreds of WordPress Plugins are installed that developers by various developers around the globe.

Cybercriminals launch the payload by exploiting the vulnerabilities that reside in some of the most popular WordPress plugins and injecting malicious scripts in unpatched WordPress website.

- Advertisement - SIEM as a Service

This new campaign intended to attack millions of WordPress websites to take complete control and redirect visitors to malicious sites where attackers deliver the malware droppers and also add the backdoor.

Researchers from Wordfence new investigations revealed that the initial malware attack coming from many IP has linked with a web hosting provider.

Short after they uncovered that there is only one IP address has involved with this ongoing malware campaign and the IP associated with a Rackspace server, in which some of the compromised websites are hosted.

Attackers Exploiting WordPress Plugins & Add Backdoor

There are many popular WordPress Plugins are targeting by this ongoing campaign, and also new vulnerabilities are added to the list of targets as they’re discovered.

Very recently, NinTechNet warned WordPress users by a disclosed flaw in the Bold Page Builder plugin that installed by more than 20,000 WordPress website and the attackers actively exploiting this vulnerability in wide to compromise the WordPress powered websites.

According to Wordfence, Similarly, following the famous WordPress Plugin’s are actively targeting by this new campaign.

Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-bookingnd-travelnd-learning, et. al.)

Sadly, Threat actors keep on update this campaign if there will be any vulnerabilities disclosed in the near future to attack the new targets.

The initial stage of research, the researcher finds that the attacker injects the malicious scripts to redirect the visitors to a malicious website and pushing unwanted pop-ups.

But a new wave of campaign infected the vulnerable WordPress with a backdoor to exploiting the admin session and take control over the site.

Attackers injecting the obfusticated script to evade the to avoid detection by WAF and IDS software.

A Javascript payload that delivered by this campaign is capable of let attack attacker create a new administrator account, and also the attacker is free to install further backdoors or perform other malicious activity.

Read here the some of most Important Considerations Check to Setup Your WordPress Security and prevent from the cyber attack and used WPScan or other penetration testing tool to find the security vulnerabilities.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and Hacking News update.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...