Cyber criminals are constantly reinventing well-established methods to attack unsuspecting users. One of the most common attack paths is through compromised websites. Once the user has landed on such a website, he will then encounter an exploit kit, and eventually a piece of malware (like ransomware) will be downloaded onto his computer.
This is how attack scenarios that involve exploit kits usually go. However, the place of initiation of the infection can be different, and this is where cyber criminals improvise. One of the latest EK attacks, analyzed by researchers at Malwarebytes, displays a new sneaky trick performed on Joomla and WordPress websites. The newly discovered malicious intrusion involves the implementation of malicious social sharing buttons and the infamous Angler exploit kit. The payload of the operation is either Bedep or another form of malware.
Meanwhile, Proofpoint researchers have just analyzed a new piece of ransomware, CryptXXX, spread through Bedep after initial infection via Angler. It’s quite likely that the two malicious operations are in the hands of the same threat actors.
How Is the “Social Button” Attack Carried Out?
Security researchers say that this attack is quite unique, as it didn’t employ known methods such as direct malicious injections of the landing URL inside the source code of the compromised website. Instead, cyber criminals used a domain name meant to trick website owners into believing that it is part of social plugins: socialbutton[.]site. As you know, such buttons enable users to interact (like, share, etc.) with the content on a website.
Once a WordPress or Joomla website is “acquired” by the cyber criminals, malicious JavaScript is added to the website’s source code. The attack is done in a manner that disguises the malicious code and makes it look like a social plugin. Even during inspection, webmasters will most likely remain unsuspecting of the malicious activities.
What happens next? If the script file is accessed directly via the browser, no malicious code will be produced. However, when a user visits a compromised website, the code will load into his browser and will then be replaced by a malicious one.
Once this is done, the user will be redirected multiple times and will land on a page that hosts Angler.
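For webmasters auditing a WordPress or Joomla page, the following added example (not from the original article or from the researchers it cites) lists the external scripts a page loads and flags any host outside a reviewed allowlist, since the injected code is meant to pass as a social plugin on visual inspection. The allowlist, the sample HTML, the site host name and the script paths are constructed assumptions; only the domain socialbutton[.]site comes from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article, kept defanged in source and refanged for matching.
KNOWN_BAD_HOSTS = {"socialbutton[.]site".replace("[.]", ".")}
# Assumption: widget hosts this site's owner has reviewed and intends to load.
ALLOWED_SCRIPT_HOSTS = {"platform.twitter.com", "connect.facebook.net"}


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def audit_page(html, site_host):
    """Return (src, verdict) for each third-party script that needs attention."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        host = (urlparse(src).hostname or "").lower()  # also parses //host/path
        if not host or host == site_host:
            continue  # relative or same-origin script
        if any(host == bad or host.endswith("." + bad) for bad in KNOWN_BAD_HOSTS):
            findings.append((src, "known-bad"))
        elif host not in ALLOWED_SCRIPT_HOSTS:
            findings.append((src, "unreviewed"))
    return findings


# Constructed sample page; the script paths are invented for illustration.
SAMPLE_HTML = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://platform.twitter.com/widgets.js"></script>
<script src="//%s/constructed-path.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
</head><body></body></html>""" % next(iter(KNOWN_BAD_HOSTS))

if __name__ == "__main__":
    for src, verdict in audit_page(SAMPLE_HTML, "blog.example.org"):
        print(f"{verdict:10} {src}")
```

Matching on the script's host rather than opening the script URL sidesteps the behaviour described above, where accessing the file via the browser produces no malicious code.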
How to Stay Protected against Exploit Kits and Malware
To no one’s surprise, the best way to stay protected against malicious attacks and their payloads is to keep all software up to date, including WordPress, your browsers and all apps running on your system. Don’t forget that WordPress and other CMSs are often targeted by cyber criminals. If you have many applications, you can rely on one free and easy-to-use program that will make sure all of your software is updated:
Flexera (Secunia) Personal Software Inspector Review
Another important aspect of online security is sustaining a strong anti-malware program to shield you against the various cyber threats lurking in unsuspected (online) places.