Popular WordPess Plugins Used To Hack Blogs: Opdatere nu!

Popular WordPess Plugins Used To Hack Blogs: Opdatere nu!

1 Star2 Stars3 Stars4 Stars5 Stars (1 stemmer, gennemsnit: 5.00 ud af 5)
Loading ...

Computer researchers uncovered several popular WordPress plugins which are actively abused in order to hack sites. This is due to a weakness found in them allowing for malicious code to be injected. Since the discovery was made they have been patched but the campaigns are still active. All WordPress site owners are urged to update their installations in order to prevent them from becoming victims.

WordPress Plugins Once Again Are The Conduit of Exploits

A series of popular WordPress plugins have been found to contain a security weakness thus allowing hackers to take over control of the sites and infect them with other threats. The discovery was made of the attack campaign which targets blogs running the popular content management systems on a global scale. The list of victim WordPress plugins includes Enkel 301 Redirects – Addon – Bulk Uploader and others which are made by the developer known as NicDark. When the vulnerability was announced to them an update was released amending the flaws.

Relaterede: Clipsa WordPress Malware Infects Blogs Globally

However this has not stopped the campaign as many blog owners have not updated their installations. Once a site is affected by the threat the malicious script will edit the pages on the WordPress blog in order to redirect the victims to a hacker-controlled site. This is useful in several common scenarios:

  • Phishing-svindel — The criminals can automatically redirect the victims to a login page or a fake home page which can impersonate well-known sites or services. By doing so they can hijack sensitive account credentials or other kind of personal information.
  • påtrængende reklame — The WordPress blogs can have their contents edited so that they will include all kinds of intrusive ads under different forms: bannere, pop-ups, tekstlinks og etc. For every display the hacker operators will receive income by the ads providers.
  • Malware Levering — The intrusions allow for different threats to be deployed onto the sites. As a result the WordPress blogs when visited or interacted with will actually lead to virus infections. Depending on the type of threat which is programmed in them they can range from Trojans (that are used to take over control of the computers) til cryptocurrency minearbejdere that will exploit the machine’s resources for profit.

The global attack campaign uses rotating domain names showing that the hacker or group behind the intrusion attempts have enough resources in order to continue targeting whole networks. Their identity is not yet known, we anticipate that as the attacks continue more information will become available.


Martin Beltov

Martin dimitterede med en grad i Publishing fra Sofia Universitet. Som en cybersikkerhed entusiast han nyder at skrive om de nyeste trusler og mekanismer indbrud.

Flere indlæg - Websted

Følg mig:
TwitterGoogle Plus

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...