WordPress Injection Anchors Widespread Malware Campaign

2021-03-05 20:35

The downloader malware known as Gootloader is poisoning websites globally as part of an extensive drive-by and watering-hole cybercampaign that abuses WordPress sites by injecting them with hundreds of pages of fake content.

Researchers with eSentire spotted a Gootloader campaign in December, infiltrating dozens of legitimate websites involved in the hotel industry, high-end retail, education, healthcare, music and visual arts, among others.

The Gootloader malware in this case was hosted on an addiction recovery center's website.

It's unclear how the sites were initially compromised, eSentire said; but, it could have happened via a vulnerable plugin; or, the WordPress website simply may not have been patched, researchers noted.

"The compromised WordPress sites were injected with tens to hundreds of blog posts," researchers explained.

Finally, all injected blog posts on a given compromised website were spread across the month of December.

News URL

https://threatpost.com/wordpress-injection-malware-campaign/164555/

#malware #wordpress

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		49	36	409	104	29	578