Daily Archives: December 17, 2014

Russian Malware Targets WordPress Users

A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google to blacklist over 11,000 of those domains (the number is increasing), according to a report from cybersecurity firm Sucuri.

The malware exploits a previously-known vulnerability in a WordPress plugin called Slider Revolution to modify the file wp-includes/template-loader.php, causing the wp-includes/js/swobject.js to be loaded on every page on the site, which in turn loads the malware from a russian website.

The malware campaign is targeting WordPress users running Internet Explorer on Windows and is also making use of a number of new backdoor payloads, some of which are being injected into images to further assist evasion while others are being used to inject new administrator users into vulnerable WordPress

%d bloggers like this: