Malware infects hundreds of sites with wordpress
Table of contents:
It seems that a group of hackers has focused on websites that use WordPress or Joomla as a base, to distribute ransomware and phishing. It is something that security experts have commented on in the last hours. Malware has been discovered in a hidden directory on HTTPS sites. Due to the same, it seeks to redirect users to other malicious pages.
Malware infects hundreds of WordPress sites
Also, it appears that they have hidden files in the /.well-known/ directory. As researchers have said, these hackers look for sites that are outdated, in plugins or in their CMS version. So they will be able to infect them with the Troldesh or Shade ransomware.
Malware in WordPress
It seems they take advantage of the fact that the mentioned directory is hidden from administrators. So they insert the files and then send an email with the link to the infected site. So, a zip is downloaded where the ransomware is. If the user executes said file, this ransomware will take care of encrypting the files on the computer. A warning is left as a wallpaper, which is written in Russian, as known.
This warning tells the user to open it as quickly as possible. Unfortunately, there are already some users who have fallen for these tricks. According to the security company, there could be about 500 websites that use WordPress affected.
Although it is not ruled out that they are more. Since WordPress is the most used platform in many cases. So we could see that the number of affected websites is finally greater. We hope to have more data soon.
Detected a Trojan that infects your pc due to a vulnerability in powerpoint
Detected a Trojan that infects your PC due to a vulnerability in PowerPoint. Find out more about this Trojan that affects this vulnerability.
Adb.miner infects your android device to mine monero
ADB.miner is a new malware that infects Android devices with debugging enabled and Monero is mined, all the details.
Shadowhammer, a virus infects asus pcs through 'asus live update'
Up to a million people have downloaded and installed Asus Live Update, which was infected by a backdoor called ShadowHammer.