“Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to inject malicious JavaScript into the frontends of victim sites, which causes the sites’ visitors to be redirected to potentially harmful content like malware droppers and fraud sites. Where possible, the payloads are obfuscated in an attempt to avoid detection by WAF and IDS software”, — explained Defiant experts.
So, now instead of the code responsible for the implementation of pop-ups and redirects, code is used to check whether the visitor to the site has the ability to create user accounts (a feature available only to admin accounts in WordPress).
Read also: Vulnerability in the plugin for WordPress allowed to execute PHP-code remotely
In fact, the malware is waiting for the owner of the site to access his resource. When this happens, the malicious code creates a new administrator account named wpservices using the address wpservices@yandex.com and the password w0rdpr3ss. Then these accounts are used as backdoors.
“The campaign picks up new targets over time. It’s reasonable to assume any unauthenticated XSS or options update vulnerabilities disclosed in the near future will be quickly targeted by this threat actor”, — say Defiant researchers.
Researchers write that attacks target previously famous vulnerabilities in the following plugins:
Defiant strongly recommends that website owners update the above plugins to the latest versions, as well as check their resources for new administrator accounts and, if necessary, delete fraudulent accounts.
About News-xbuhoxu.store News-xbuhoxu.store pop-ups can not open out of nowhere. If you have actually clicked…
About News-xbadeyo.today News-xbadeyo.today pop-ups can not introduce out of nowhere. If you have clicked on…
About News-bbutohu.info News-bbutohu.info pop-ups can not open out of nowhere. If you have actually clicked…
About News-bbucoxe.today News-bbucoxe.today pop-ups can not launch out of the blue. If you have clicked…
About News-xdetake.cc News-xdetake.cc pop-ups can not expose out of nowhere. If you have clicked on…
About News-bbufiya.today News-bbufiya.today pop-ups can not expose out of nowhere. If you have clicked some…