Wednesday, May 29, 2024

New Malware Attack Targeting 60 Million WordPress Websites to add Backdoor & Exploit Plugins Vulnerability

Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites to infect with backdoor and exploiting the various WordPress plugins vulnerabilities.

According to WordPress, there are nearly 60 million Websites power by WordPress content management system and hundreds of WordPress Plugins are installed that developers by various developers around the globe.

Cybercriminals launch the payload by exploiting the vulnerabilities that reside in some of the most popular WordPress plugins and injecting malicious scripts in unpatched WordPress website.

This new campaign intended to attack millions of WordPress websites to take complete control and redirect visitors to malicious sites where attackers deliver the malware droppers and also add the backdoor.

Researchers from Wordfence new investigations revealed that the initial malware attack coming from many IP has linked with a web hosting provider.

Short after they uncovered that there is only one IP address has involved with this ongoing malware campaign and the IP associated with a Rackspace server, in which some of the compromised websites are hosted.

Attackers Exploiting WordPress Plugins & Add Backdoor

There are many popular WordPress Plugins are targeting by this ongoing campaign, and also new vulnerabilities are added to the list of targets as they’re discovered.

Very recently, NinTechNet warned WordPress users by a disclosed flaw in the Bold Page Builder plugin that installed by more than 20,000 WordPress website and the attackers actively exploiting this vulnerability in wide to compromise the WordPress powered websites.

According to Wordfence, Similarly, following the famous WordPress Plugin’s are actively targeting by this new campaign.

Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-bookingnd-travelnd-learning, et. al.)

Sadly, Threat actors keep on update this campaign if there will be any vulnerabilities disclosed in the near future to attack the new targets.

The initial stage of research, the researcher finds that the attacker injects the malicious scripts to redirect the visitors to a malicious website and pushing unwanted pop-ups.

But a new wave of campaign infected the vulnerable WordPress with a backdoor to exploiting the admin session and take control over the site.

Attackers injecting the obfusticated script to evade the to avoid detection by WAF and IDS software.

A Javascript payload that delivered by this campaign is capable of let attack attacker create a new administrator account, and also the attacker is free to install further backdoors or perform other malicious activity.

Read here the some of most Important Considerations Check to Setup Your WordPress Security and prevent from the cyber attack and used WPScan or other penetration testing tool to find the security vulnerabilities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and Hacking News update.

Website

Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles