Saturday, December 2, 2023

New Malware Attack Targeting 60 Million WordPress Websites to add Backdoor & Exploit Plugins Vulnerability

Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites to infect with backdoor and exploiting the various WordPress plugins vulnerabilities.

According to WordPress, there are nearly 60 million Websites power by WordPress content management system and hundreds of WordPress Plugins are installed that developers by various developers around the globe.

Cybercriminals launch the payload by exploiting the vulnerabilities that reside in some of the most popular WordPress plugins and injecting malicious scripts in unpatched WordPress website.

This new campaign intended to attack millions of WordPress websites to take complete control and redirect visitors to malicious sites where attackers deliver the malware droppers and also add the backdoor.

Researchers from Wordfence new investigations revealed that the initial malware attack coming from many IP has linked with a web hosting provider.

Short after they uncovered that there is only one IP address has involved with this ongoing malware campaign and the IP associated with a Rackspace server, in which some of the compromised websites are hosted.

Attackers Exploiting WordPress Plugins & Add Backdoor

There are many popular WordPress Plugins are targeting by this ongoing campaign, and also new vulnerabilities are added to the list of targets as they’re discovered.

Very recently, NinTechNet warned WordPress users by a disclosed flaw in the Bold Page Builder plugin that installed by more than 20,000 WordPress website and the attackers actively exploiting this vulnerability in wide to compromise the WordPress powered websites.

According to Wordfence, Similarly, following the famous WordPress Plugin’s are actively targeting by this new campaign.

Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-bookingnd-travelnd-learning, et. al.)

Sadly, Threat actors keep on update this campaign if there will be any vulnerabilities disclosed in the near future to attack the new targets.

The initial stage of research, the researcher finds that the attacker injects the malicious scripts to redirect the visitors to a malicious website and pushing unwanted pop-ups.

But a new wave of campaign infected the vulnerable WordPress with a backdoor to exploiting the admin session and take control over the site.

Attackers injecting the obfusticated script to evade the to avoid detection by WAF and IDS software.

A Javascript payload that delivered by this campaign is capable of let attack attacker create a new administrator account, and also the attacker is free to install further backdoors or perform other malicious activity.

Read here the some of most Important Considerations Check to Setup Your WordPress Security and prevent from the cyber attack and used WPScan or other penetration testing tool to find the security vulnerabilities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and Hacking News update.


Latest articles

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers

In a disconcerting turn of events, cyber threat actors have set their sights on...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles