New Russian Malware Impacts 100,000 WordPress Sites
Google blacklisted more than 10,000 domains compromised with a piece of malware dubbed SoakSoak, according to virus researchers.
Up to 100,000 WordPress sites may be vulnerable to the malicious campaign, Sucuri said. Any version of WordPress that uses a popular slideshow plugin called “Slider Revolution” or RevSlider can fall victim to SoakSoak.
In September, researchers discovered a zero-day vulnerability in the plugin that allows an attacker to download any file from the site`s server, including database credentials, and compromise the website via the database. The problem lies in the way the plugin is wrapped into theme packages. When it becomes part of a theme, RevSlider`s automatic update mechanism is usually disabled and manual updates need to be performed in a process prone to error.
The Russian domain attackers use to get malware is currently down.
The campaign caused both revenue and reputation losses for WordPress blog owners blacklisted by Google.
What is medical identity theft and how to protect against it
July 27, 2022
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022