A massive malware campaign has been found targeting WordPress websites.
According to Andra Zaharia, marketing communications manager at Heimdal Security, hundreds of servers hosting WordPress-based websites have already been compromised. Antivirus detection of the exploit code is low: only 2/66 on VirusTotal. Detection of the payload is also limited.
“Cyber criminals know that moving fast is key for maintaining their anonymity,” she said in a blog post. “So please note that the campaign makes use of several domains to deliver the malicious code, which is why active servers can quickly change depending on which IP as DNS lookup they use.”
Heimdal has already blocked more than 85 domains that are being actively used in this campaign.
“These details make this particular malware campaign a massive one, and the trend is likely to continue,” Zaharia said. “With fileless malware infections and commercially-available exploit kit, the cybercrime scene is getting more complicated by the day.”
WordPress is a fairly common target for cyber-attackers, given how widely it is used for website content management.
Website owners who use WordPress can secure their servers and users by keeping their software and operating system updated at all times; backing up data often and in multiple locations; and using a security tool that can filter web traffic and protect against ransomware, which traditional antivirus cannot detect or block.