Hackers using hacked WordPress & Joomla sites to drop malware

Apparently, the malware attack is carried out by Russian-speaking hackers.

The IT security researchers at Zscaler have discovered a sophisticated malware campaign targeting websites based on the WordPress and Joomla content management systems (CMS).

In this campaign, hackers take advantage of a hidden directory on HTTPS sites and exploit vulnerabilities in the extensions, plugins, and themes installed on a website to compromise it. The compromised sites are then used to deliver malware including Shade/Troldesh ransomware, phishing pages, adware, various kinds of coinminers and other malicious redirectors.

The phishing pages set up by the hackers aim to steal users' login credentials, especially for popular services like Gmail, Yahoo, Dropbox, Microsoft, Office 365, DHL and Bank of America.

Screenshot of Yahoo phishing page shared by Zscaler.

According to the researchers, the targeted HTTPS directory is used by website owners to verify ownership of their domain by providing the certificate authority with a code for validation purposes. The hackers abuse this process to hide malware, which goes unnoticed.

Currently, there are hundreds of websites that have been hacked to drop malicious content. It is noteworthy that the Shade ransomware, in this case, locks compromised devices and leaves a ransom note in English and Russian with instructions for victims on how to unlock their PCs.

According to Zscaler, the malware campaign is targeting outdated versions of WordPress and Joomla. Administrators and owners running WordPress versions from 4.8.9 to 5.1.1 on their sites are therefore at risk.

Moreover, websites using SSL certificates issued by certificate authorities that use the Automatic Certificate Management Environment (ACME), including cPanel, DigiCert, GlobalSign and Let’s Encrypt, are also at risk of being compromised.
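A defender-side check for the validation directory described above, as an added example that is not from Zscaler or the original article: it flags anything in a site's ACME challenge directory that is not a well-formed HTTP-01 response. It assumes the directory is the standard `/.well-known/acme-challenge/` path from RFC 8555, which the article does not name; `audit_challenge_dir` and `demo` are names chosen here, and the files built in `demo()` are constructed sample data.

```python
import os
import re
import tempfile

# Assumed path: the ACME HTTP-01 challenge directory from RFC 8555 (not named in the article).
CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")  # base64url token with >= 128 bits of entropy
KEYAUTH_RE = re.compile(r"([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]{43})")  # token.SHA-256 thumbprint
MAX_SIZE = 512  # a key authorization is far smaller than this

def audit_challenge_dir(webroot):
    """Return sorted (relative_path, reason) pairs for entries that are not valid HTTP-01 responses."""
    base = os.path.join(webroot, CHALLENGE_DIR)
    findings = []
    for dirpath, dirnames, filenames in os.walk(base):
        for d in dirnames:  # challenge files live directly in the directory, never in subfolders
            findings.append((os.path.relpath(os.path.join(dirpath, d), base), "unexpected subdirectory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, base)
            if not TOKEN_RE.fullmatch(name):
                findings.append((rel, "file name is not a base64url token"))
                continue
            if os.path.getsize(path) > MAX_SIZE:
                findings.append((rel, "file too large for a key authorization"))
                continue
            with open(path, "rb") as fh:
                body = fh.read().decode("ascii", "replace").strip()
            m = KEYAUTH_RE.fullmatch(body)
            if not m or m.group(1) != name:  # body must start with the file's own token
                findings.append((rel, "content is not <token>.<thumbprint>"))
    return sorted(findings)

def demo():
    """Audit a constructed webroot holding one valid response and several suspicious entries."""
    token = "A" * 43  # constructed sample token
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, CHALLENGE_DIR)
        os.makedirs(os.path.join(base, "cache"))
        samples = {
            token: token + "." + "B" * 43,            # well-formed key authorization
            "index.php": "<?php /* constructed */ ?>",  # script where only tokens belong
            "C" * 43: "<html>constructed page</html>",  # token-like name, wrong content
            os.path.join("cache", "D" * 43): "x" * 4096,  # oversized file in a subfolder
        }
        for rel, body in samples.items():
            with open(os.path.join(base, rel), "w") as fh:
                fh.write(body)
        return audit_challenge_dir(root)
```

Run it against a real webroot with `audit_challenge_dir("/path/to/webroot")`; an empty list means every file present is a plausible challenge response.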

This, however, is not the first time that WordPress and Joomla based websites have been targeted with malware attacks. Last year, hackers compromised 20,000 WordPress websites to conduct large-scale botnet attacks, while in 2018, hackers used thousands of Joomla and WordPress websites to carry out malware attacks by tricking users into downloading fake updates for the Chrome and Firefox browsers.

If you are using WordPress, follow these 10 ways to protect your website against malware and other targeted attacks.
