1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • One of the most worrying WordPress malware threats is making a co

    From TechnologyDaily@1337:1/100 to All on Sat Aug 12 07:15:03 2023
    One of the most worrying WordPress malware threats is making a comeback

    Date:
    Sat, 12 Aug 2023 06:52:08 +0000

    Description:
    Balada Injector is back, compromising WordPress websites across the internet with malicious code.

    FULL STORY ======================================================================

    The Balada Injector malware is alive and kicking, and compromising poorly protected WordPress websites across the internet, as well as using them to target visitors, new research has claimed.

    A report from researchers at Cybernews claims to have found a compromised WordPress website during a routine web monitoring operation.

    The compromised website was apparently targeted by the Balada Injector
    malware - a Linux-based backdoor used to infiltrate websites through common
    or otherwise known vulnerabilities in WordPress plugins, themes, and similar vulnerabilities. The Balada Injector is known for attacking in waves - every month or so, the injector would use a new domain name, and a new code, which it would try to add to the WordPress sites code. Waves of attacks

    This particular site has had seven different instances of malicious code
    added and stacked on top of one another. That means that the website suffered seven waves of hacking attacks. This code, which was added to the very top of the page and would run before the website loaded, was meant to grant the attackers remote access to infected machines and redirect visitors to different websites with malvertising campaigns running. Read more

    WordPress plugin exposes half a million sites to attack


    How to build a website for free: A guide to creating a site on a budget


    Check out the best firewalls out there

    When the researchers deobfuscated and examined some of the PHP payloads found on the compromised website, they discovered URLs of newly spawned Command & Control (C2) endpoints, and subsequent obfuscated JavaScript files, used in the operation scheme. A total of five URLs were found being accessed to load malicious JavaScript onto exploited websites, the researchers said.

    The good news for potential victims is that the Balada Injector still isnt as advanced as it could be. It doesnt check if compromised websites have had malicious code added before, and because of that, instead of serving the landing page, the website forced the download of a PHP file, which raised red flags with the researchers and, at the end of the day, helped discover the hacking campaign. These are the best website builders right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/one-of-the-most-worrying-wordpress-malware-threa ts-is-making-a-comeback


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)