1 min read

New Russian Malware Impacts 100,000 WordPress Sites

Alexandra GHEORGHE

December 16, 2014

New Russian Malware Impacts 100,000 WordPress Sites

Thousands of WordPress Sites Compromised through MailPoet VulnerabilityGoogle blacklisted more than 10,000 domains compromised with a piece of malware dubbed SoakSoak, according to virus researchers.

Up to 100,000 WordPress sites may be vulnerable to the malicious campaign, Sucuri said. Any version of WordPress that uses a popular slideshow plugin called “Slider Revolution” or RevSlider can fall victim to SoakSoak.

In September, researchers discovered a zero-day vulnerability in the plugin that allows an attacker to download any file from the site`s server, including database credentials, and compromise the website via the database. The problem lies in the way the plugin is wrapped into theme packages. When it becomes part of a theme, RevSlider`s automatic update mechanism is usually disabled and manual updates need to be performed in a process prone to error.

The SoakSoak malware modifies a file called wp-includes/template-loader.php that enables loading of a JavaScript file, wp-includes/js/swobject.js, on every page on the site. After it`s decoded, it loads malware from a Russian domain.

The Russian domain attackers use to get malware is currently down.

The campaign caused both revenue and reputation losses for WordPress blog owners blacklisted by Google.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read