Hundreds of compromised WordPress and Joomla web sites are serving up malware to site visitors

by Adrian J. Elliott | Friday, Jul 3, 2020 | 780 views

Websites built on one of the most popular content management systems used in publishing are being hacked and exploited to deliver ransomware and other malware to site visitors.

Cybercriminals are exploiting vulnerabilities in plug-ins, themes, and extensions on WordPress and Joomla websites and using them to serve up Shade ransomware and other malicious content.
Researchers at security company Zscaler have detailed how attackers are using a hidden directory on HTTPS sites for malicious purposes. This well-known directory is generally used by website owners to demonstrate ownership of the domain to the certificate authority, which scans for the code to confirm that the domain is validated.
However, by using exploits to gain access to these hidden pages, attackers can use them to hide malware and other malicious content from website administrators.

Over the past few weeks, researchers have noticed a spike in threats stowed away inside the hidden directory, with Shade ransomware (also called Troldesh) the most common threat deployed in this way.
“The spam emails commonly carry a link to the HTML redirector page hosted on the compromised website which downloads the malicious ZIP file. The user needs to open the JavaScript file inside the ZIP, and this JavaScript file will download the ransomware from the compromised website and execute it,” Deepen Desai, VP for security research and operations at Zscaler, told ZDNet.
Over 500 websites were compromised, and thousands of attempts had been made to drop ransomware, phishing links, and other malicious content.
Meanwhile, phishing pages are hosted under SSL-validated hidden directories and pop up in order to fool the potential victim into handing over their usernames and passwords.
The compromised WordPress websites are running versions 4.8.9 to 5.1.1 and tend to be using outdated CMS themes or server-side software, which researchers suggest is likely the reason for the compromise.
It’s not known who is behind the cybercriminal campaign. However, Zscaler is working to inform the owners of the websites about the attacks. The full list of Indicators of Compromise is available in the analysis of the attack.
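
For site owners who want to check their own web root for files stashed in the certificate-validation directory described above, the following Python audit is an added example, not code from Zscaler or the original article. It assumes the `/.well-known/acme-challenge/` layout from RFC 8555 and the `/.well-known/pki-validation/` path commonly used for CA file validation; the function names, the 1 KB size limit and the `.txt`-only rule are assumptions of this example.

```python
import re
import sys
from pathlib import Path

TOKEN = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet used for ACME tokens
KEY_AUTH = re.compile(rb"([A-Za-z0-9_-]+)\.[A-Za-z0-9_-]{43}\s*")  # token.thumbprint
MAX_BYTES = 1024  # assumed limit: validation files are tiny text files


def looks_like_acme_file(path):
    """True if file name and body match an HTTP-01 key authorization."""
    if not TOKEN.fullmatch(path.name) or path.stat().st_size > MAX_BYTES:
        return False
    m = KEY_AUTH.fullmatch(path.read_bytes())
    return m is not None and m.group(1).decode() == path.name


def looks_like_pki_file(path):
    """Assumed rule: CA file-validation drops are small ASCII .txt files."""
    if path.suffix.lower() != ".txt" or path.stat().st_size > MAX_BYTES:
        return False
    return path.read_bytes().isascii()


CHECKS = {"acme-challenge": looks_like_acme_file, "pki-validation": looks_like_pki_file}


def audit_well_known(webroot):
    """Return relative paths in the validation directories that are not validation files."""
    base = Path(webroot) / ".well-known"
    findings = []
    for name, check in CHECKS.items():
        folder = base / name
        if not folder.is_dir():
            continue
        for p in sorted(folder.rglob("*")):
            # Nested files are always unexpected; top-level files must pass the check.
            if p.is_file() and not (p.parent == folder and check(p)):
                findings.append(p.relative_to(webroot).as_posix())
    return findings


if __name__ == "__main__":
    for hit in audit_well_known(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("unexpected file:", hit)
```

Run it against the document root of each site on a schedule and treat any reported path as something to inspect and remove, since the CMS admin interface does not list this directory.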