Several WordPress Sites Compromised by Malicious Codes

Posted on September 24, 2018 at 7:18 AM

Several WordPress Sites Compromised by Malicious Codes

WordPress sites numbering up to thousands have come under serious malicious code attack this month. This code works by redirecting users to some support tech basis which are scams. This support tech makes use of Chrome bug tagged “evil cursor” in its operation.

WordPress websites are currently having it tough as a result of infractions on it by hackers. This hacking is carried out with the aid of codes that are malicious. The website comprises began in this month based on reports made available by Malwarebytes and Sucuri.

From the manner in which all attacks were recorded, researchers opined that there was no much difference in the pattern of attack. Even though each attack seems to have different entry vector, the regular pattern is for hackers to send malicious codes to the sites from a popular actor.

In the views of researchers, intruders are able to gain access to WordPress sites due to the usage of plugins and themes that are outdated. That puts aside any suspicion about whether the compromise came as a result of loopholes in WordPress itself.

Mode of Action of the Malicious Codes

As soon as the codes get into a WordPress site, they wreak their havoc by planting a backdoor through which malicious codes can further gain access to it in the future. As with many of the attacks recorded, the malicious codes also modify either JavaScript or PHP in order to find its way into the sites. Where the attack is severe, several users report that their databases are equally compromised too.

According to Jerome who is a security researcher at Malwarebytes, when people visit WordPress sites that have been infiltrated by these codes, they get redirected to scams in the name of tech support. And while studying the trend of the attack, Jerome submitted that it was not much different from a popular system that distributes traffic. This system is commonly used by many campaigns for malware distribution.

Furthermore, according to researchers, many of the tech support scams which WordPress visitors eventually get redirected to use evil cursor Chrome bug. This is to enable them to disenable users from closing the malicious website page. In fact, this was the first thing that brought researchers’ attention to this security compromise.

Findings from Sucuri suggests that the WordPress hijacking began early this month although Segura says the intensity has increased greatly in the past few days.

Many Sites Affected Already

When one of the malicious codes (JavaScript) which now attacks WordPress was searched on Google, more than 2,500 results came up. And this represents a segment of the overall WordPress sites that have been infected by this JavaScript alone. Among the websites affected is that of the Expedite Group, a corporate company managing the portal of Expedia.

Just last week, a report came out from ZDNet that many hackers do scan the internet so as to discover and exploit the latest loopholes associated with a common WordPress plugin.

Although Sucuri has not come out to state whether it was the vulnerability they discover then that attackers are now acting on, the research company has come up to affirm the earlier report.

Summary
Several WordPress Sites Compromised by Malicious Codes
Article Name
Several WordPress Sites Compromised by Malicious Codes
Description
WordPress sites numbering up to thousands have come under serious malicious code attack this month. This code works by redirecting users to some support tech basis which are scams. This support tech makes use of Chrome bug tagged “evil cursor” in its operation.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading