Friday, March 29, 2024

New Malware Attack Targeting 60 Million WordPress Websites to add Backdoor & Exploit Plugins Vulnerability

Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites to infect with backdoor and exploiting the various WordPress plugins vulnerabilities.

According to WordPress, there are nearly 60 million Websites power by WordPress content management system and hundreds of WordPress Plugins are installed that developers by various developers around the globe.

Cybercriminals launch the payload by exploiting the vulnerabilities that reside in some of the most popular WordPress plugins and injecting malicious scripts in unpatched WordPress website.

This new campaign intended to attack millions of WordPress websites to take complete control and redirect visitors to malicious sites where attackers deliver the malware droppers and also add the backdoor.

Researchers from Wordfence new investigations revealed that the initial malware attack coming from many IP has linked with a web hosting provider.

Short after they uncovered that there is only one IP address has involved with this ongoing malware campaign and the IP associated with a Rackspace server, in which some of the compromised websites are hosted.

Attackers Exploiting WordPress Plugins & Add Backdoor

There are many popular WordPress Plugins are targeting by this ongoing campaign, and also new vulnerabilities are added to the list of targets as they’re discovered.

Very recently, NinTechNet warned WordPress users by a disclosed flaw in the Bold Page Builder plugin that installed by more than 20,000 WordPress website and the attackers actively exploiting this vulnerability in wide to compromise the WordPress powered websites.

According to Wordfence, Similarly, following the famous WordPress Plugin’s are actively targeting by this new campaign.

Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-bookingnd-travelnd-learning, et. al.)

Sadly, Threat actors keep on update this campaign if there will be any vulnerabilities disclosed in the near future to attack the new targets.

The initial stage of research, the researcher finds that the attacker injects the malicious scripts to redirect the visitors to a malicious website and pushing unwanted pop-ups.

But a new wave of campaign infected the vulnerable WordPress with a backdoor to exploiting the admin session and take control over the site.

Attackers injecting the obfusticated script to evade the to avoid detection by WAF and IDS software.

A Javascript payload that delivered by this campaign is capable of let attack attacker create a new administrator account, and also the attacker is free to install further backdoors or perform other malicious activity.

Read here the some of most Important Considerations Check to Setup Your WordPress Security and prevent from the cyber attack and used WPScan or other penetration testing tool to find the security vulnerabilities.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and Hacking News update.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles