It is important to emphasize that the global community generally considers WordPress, as the most popular web hosting platform globally, to be secure. However, the platform also offers countless plugins, some of which carry high-severity vulnerabilities. Although the researchers were unable to pinpoint the exact vulnerability used to deliver this malware, they speculate that the threat actors automated the process and leveraged any known, unpatched flaws they could find.
The unknown malware’s modus operandi is straightforward. When people visit the infected websites, they get redirected to a different Q&A website that loads ads located on Google Ads. The ad campaign owners trick Google into paying them for fraudulent views.
Sucuri has been tracking similar campaigns for months. In late November of last year, the researchers spotted a similar campaign that infected approximately 15,000 WordPress sites. However, in last year’s campaign, the attackers didn’t hide the malware. In fact, they installed over 100 malicious files per website. In the new campaign, the attackers went to great lengths to hide the existence of the malware and made it more resilient to countermeasures, allowing it to remain persistent on the sites for longer periods of time.
To protect against such attacks, the researchers recommend keeping the website and all of the plugins up to date and securing the wp-admin panel with a strong password and multi-factor authentication. Websites that have already been infected can follow Sucuri’s how-to guide, change all access point passwords, and place the website behind a firewall.
In conclusion, website owners must remain vigilant and take steps to safeguard their sites against cyber-attacks. Keeping software up to date, using strong passwords and multi-factor authentication, and employing firewalls can help mitigate the risks of such attacks. By taking proactive measures, website owners can prevent hackers from compromising their sites and protect their visitors from malicious activity.
Frequently Asked Questions:
Here are some frequently asked questions related to the recent news of a mystery malware infecting thousands of WordPress sites:
What is the WordPress unknown malware variant?
The WordPress unknown malware variant was recently discovered to have infected thousands of WordPress-powered websites. The malware would redirect visitors to a different website where ads hosted on the Google Ads platform would load, bringing in profits for the website owners.
By what extent did this unknown malware variant infect WordPress sites?
The cybersecurity researchers from Sucuri have found that an unknown threat actor managed to compromise almost 11,000 WordPress-powered websites.
How did the attackers manage to deliver the unknown malware?
The researchers could not pinpoint the exact vulnerability used to deliver this malware, but they are speculating that the threat actors automated the process and likely leveraged whatever known, unpatched flaws they could find.
How can website owners protect against such attacks?
To protect against such attacks, the researchers suggest keeping the website and all of the plugins up to date and keeping the wp-admin panel secure with a strong password and multi-factor authentication. Websites which have already been infected should follow Sucuri’s how-to guide, change all access point passwords, and place the website behind a firewall.
Are all WordPress plugins vulnerable to such attacks?
Not all WordPress plugins carry high-severity vulnerabilities, but some do. It’s important to keep all plugins up-to-date and use only the ones that are reputable and have been thoroughly tested.
Kha Creation advises that you ensure your WordPress and its plugins are always up-to-date. Additionally, We recommended you to secure the wp-admin panel with a robust password and multi-factor authentication. To update your WordPress and plugins and improve your website’s security, please feel free to contact us.