SoakSoak’s New Target
The authors behind the SoakSoak campaign have a new target – a “wp-includes/js/json2.min.js“ file that is modified to load a corrupted Flash file. Researchers with Sucuri explain that “The hidden iFrame URL in swfobjct.swf now depends on another script from hxxp://ads .akeemdom . com/db26, also loaded by malware in json2.min.js.”
Older versions of the popular RevSlider plugin are targeted in the SoakSoak campaign, mostly the ones prior to 4.2. Several months ago, researchers disclosed the vulnerability in the plugin.
Daniel Cid of Sucuri says that the biggest issue here is that this is a premium plugin, which cannot be easily upgraded by everyone. Some of the affected websites’ owners do not even realize they have RevSlider packaged into their themes.
The developers of the plugin have patched it silently, but websites that have not been updated are still vulnerable to attacks of this sort.
Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool. Find Out More About SpyHunter Anti-Malware Tool