GDPR - January 23, 2020

Privacy: Over 2,000 WordPress sites injected with malicious JavaScript 

Researchers on the Sucuri team have identified malicious JavaScript injected into WordPress sites that redirects visitors to scam websites.

The research team detected a spike in the number of infections related to a particular malicious JavaScript, which has been found to exploit multiple plugin vulnerabilities, including those in Simple Fields and CP Contact Form with PayPal.

After exploitation, threat actors are able to inject the site with malicious JavaScript which redirects visitors to “survey-for-gifts scam” websites where they are fooled into handing over personal information and installing malware. 

Some of the malicious domains include gotosecond2[.]com, adsformarket[.]com, admarketlocation[.]com, and admarketresearch[.]xyz. 

A second URL is loaded onto the compromised site which delivers the final malicious JavaScript payload to the victim’s infected website. 

The malicious JavaScript payload is capable of making additional modifications to existing WordPress theme files, which in turn allows threat actors to inject additional malware, such as PHP backdoors and hacktools, to help maintain persistence.

“We encourage website owners to disable the modification of primary folders to block hackers from inserting malicious files or includes as part of WordPress security hardening and security best practices,” said Sucuri.

Researchers also observed threat actors abusing /wp-admin/ features to create fake plugin directories that contain further malware.  
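A site owner can check a WordPress install for the traces described above. The following is an added example, not code from Sucuri or from this article: it searches theme and plugin files for the four domains listed earlier and flags plugin directories that contain no file with a standard `Plugin Name:` header. The header check is a heuristic assumed here for spotting fake plugin directories, and the function names and the `wp_content` path argument are illustrative.

```python
import re
from pathlib import Path

# Domains as listed (defanged) in the article; refanged only for matching.
DEFANGED_IOCS = [
    "gotosecond2[.]com",
    "adsformarket[.]com",
    "admarketlocation[.]com",
    "admarketresearch[.]xyz",
]
IOC_RE = re.compile(
    "|".join(re.escape(d.replace("[.]", ".")) for d in DEFANGED_IOCS),
    re.IGNORECASE,
)
# Header line WordPress expects in a plugin's main PHP file.
PLUGIN_HEADER_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.IGNORECASE | re.MULTILINE)
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}


def _read(path):
    """Read a file as text, tolerating unreadable files and bad encodings."""
    try:
        return path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return ""


def find_ioc_references(wp_content):
    """Return sorted (relative_path, domain) pairs for theme/plugin files naming a listed domain."""
    root = Path(wp_content)
    hits = set()
    for sub in ("themes", "plugins"):
        base = root / sub
        for path in (base.rglob("*") if base.is_dir() else []):
            if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
                for m in IOC_RE.finditer(_read(path)):
                    hits.add((path.relative_to(root).as_posix(), m.group(0).lower()))
    return sorted(hits)


def plugin_dirs_without_header(wp_content):
    """Heuristic (assumption): plugin dirs with no top-level PHP file carrying a plugin header."""
    plugins = Path(wp_content) / "plugins"
    if not plugins.is_dir():
        return []
    return [d.name for d in sorted(p for p in plugins.iterdir() if p.is_dir())
            if not any(PLUGIN_HEADER_RE.search(_read(f)) for f in d.glob("*.php"))]
```

Any hit from either function is a lead for manual review of that file or directory, not proof of compromise, and a clean result does not rule out infection through domains registered later.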

The team added that the threat actors are expected to continue to register new domains or use existing unused domains as more security vendors blacklist malicious domains.   

At the time of writing, the Sucuri research team discovered over 2,000 newly infected WordPress sites. 

The post Privacy: Over 2,000 WordPress sites injected with malicious JavaScript appeared first on PrivSec Report.
