Security News > 2021 > March > WordPress Injection Anchors Widespread Malware Campaign
The downloader malware known as Gootloader is poisoning websites globally as part of an extensive drive-by and watering-hole cybercampaign that abuses WordPress sites by injecting them with hundreds of pages of fake content.
Researchers with eSentire spotted a Gootloader campaign in December, infiltrating dozens of legitimate websites involved in the hotel industry, high-end retail, education, healthcare, music and visual arts, among others.
The Gootloader malware in this case was hosted on an addiction recovery center's website.
It's unclear how the sites were initially compromised, eSentire said; but, it could have happened via a vulnerable plugin; or, the WordPress website simply may not have been patched, researchers noted.
"The compromised WordPress sites were injected with tens to hundreds of blog posts," researchers explained.
Finally, all injected blog posts on a given compromised website were spread across the month of December.
News URL
https://threatpost.com/wordpress-injection-malware-campaign/164555/