
New Malware Attack Targeting 60 Million WordPress Websites to Add Backdoor & Exploit Plugin Vulnerabilities

Researchers discovered an ongoing malvertising campaign targeting millions of WordPress websites, infecting them with a backdoor and exploiting vulnerabilities in various WordPress plugins.

According to WordPress, nearly 60 million websites are powered by the WordPress content management system, and hundreds of WordPress plugins, built by various developers around the globe, are installed on them.

Cybercriminals launch the payload by exploiting vulnerabilities that reside in some of the most popular WordPress plugins and injecting malicious scripts into unpatched WordPress websites.

This new campaign is intended to attack millions of WordPress websites, take complete control of them, and redirect visitors to malicious sites where the attackers deliver malware droppers and also add the backdoor.

A new investigation by Wordfence researchers revealed that the initial malware attacks came from many IP addresses linked to a web hosting provider.

Shortly afterwards, they found that only one IP address is involved in this ongoing malware campaign, and that the IP is associated with a Rackspace server on which some of the compromised websites are hosted.

Attackers Exploit WordPress Plugins & Add Backdoor

Many popular WordPress plugins are being targeted by this ongoing campaign, and new vulnerabilities are added to the list of targets as they're discovered.

Very recently, NinTechNet warned WordPress users about a disclosed flaw in the Bold Page Builder plugin, which is installed on more than 20,000 WordPress websites; attackers are actively exploiting this vulnerability in the wild to compromise WordPress-powered websites.

Similarly, according to Wordfence, the following well-known WordPress plugins are being actively targeted by this new campaign.

Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-booking, nd-travel, nd-learning, et al.)

Sadly, the threat actors will keep updating this campaign to attack new targets if any further vulnerabilities are disclosed in the near future.
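For site owners who want to check their own installation against the list above, here is an added example (not code from Wordfence, NinTechNet or the original article) that reads the plugin headers under wp-content/plugins and reports any installed plugin whose name matches a listed one. Matching on the words of the name and treating an "nd-" folder prefix as a NicDark plugin are assumptions of this sketch; a match means "check the version and patch", not "compromised".

```python
import re
import sys
from pathlib import Path

# Plugin names exactly as listed in the article. Real "Plugin Name" headers may
# be worded differently, so matching on word sets is an assumption of this sketch.
TARGETED = [
    "Bold Page Builder", "Blog Designer", "Live Chat with Facebook Messenger",
    "Yuzo Related Posts", "Visual CSS Style Editor", "WP Live Chat Support",
    "Form Lightbox", "Hybrid Composer",
]
NICDARK_PREFIX = "nd-"  # assumption: prefix taken from nd-booking, nd-travel, nd-learning

# Same line shape WordPress accepts for header fields in a plugin's main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def words(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def read_header(php_file):
    """Parse Plugin Name / Version from the first 8 KiB of a plugin file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value.replace("*/", "").strip())
    return fields

def audit_plugins(plugins_dir):
    """Return (folder, name, version, reason) for installed plugins on the target list."""
    findings = []
    for folder in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        for php in sorted(folder.glob("*.php")):
            header = read_header(php)
            name = header.get("plugin name")
            if not name:
                continue  # not the plugin's main file, try the next one
            hit = next((t for t in TARGETED if words(t) <= words(name)), None)
            if hit:
                reason = "listed: " + hit
            elif folder.name.startswith(NICDARK_PREFIX):
                reason = "NicDark-style slug"
            else:
                break  # main file found, plugin is not on the list
            findings.append((folder.name, name, header.get("version", "unknown"), reason))
            break
    return findings

if __name__ == "__main__":
    for row in audit_plugins(sys.argv[1]):  # path to wp-content/plugins
        print(*row, sep="\t")
```

Compare the reported versions with each plugin's changelog, and remove plugins that are no longer maintained.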

In the initial stage of the research, the researchers found that the attacker injected malicious scripts to redirect visitors to a malicious website and push unwanted pop-ups.

But a new wave of the campaign infected vulnerable WordPress sites with a backdoor that exploits an administrator's session to take control of the site.

The attackers inject an obfuscated script to avoid detection by WAF and IDS software.

The JavaScript payload delivered by this campaign is capable of letting the attacker create a new administrator account, after which the attacker is free to install further backdoors or perform other malicious activity.

Read here some of the most important considerations to check when setting up your WordPress security to prevent cyber attacks, and use WPScan or another penetration testing tool to find security vulnerabilities.


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
