Security News > 2021 > March > Fake jQuery files infect WordPress sites with malware
Security researchers have spotted counterfeit versions of the jQuery Migrate plugin injected on dozens of websites which contains obfuscated code to load malware.
Js and present at the exact locations where JavaScript files are normally present on WordPress sites but are in fact malicious.
Researchers spot fake jQuery files which are malware.
This week security researchers Denis Sinegubko and Adrian Stoian spotted counterfeit jQuery files impersonating the jQuery Migrate plugin on dozens of websites.
Wp-includes/js/jquery/ on these websites, which is the directory where WordPress keeps jQuery files.
If your website uses WordPress or popular JavaScript plugins such as jQuery Migrate, it is a good idea to regularly perform thorough security audits and check for anomalies that may indicate signs of malicious activity.
News URL
Related news
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites (source)
- Evasive Sign1 malware campaign infects 39,000 WordPress sites (source)
- New Wpeeper Android malware hides behind hacked WordPress sites (source)
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)