Malware infects hundreds of sites with wordpress

It seems that a group of hackers has focused on websites that use WordPress or Joomla as a base, to distribute ransomware and phishing. It is something that security experts have commented on in the last hours. Malware has been discovered in a hidden directory on HTTPS sites. Due to the same, it seeks to redirect users to other malicious pages.

Malware infects hundreds of WordPress sites

Also, it appears that they have hidden files in the /.well-known/ directory. As researchers have said, these hackers look for sites that are outdated, in plugins or in their CMS version. So they will be able to infect them with the Troldesh or Shade ransomware.

Malware in WordPress

It seems they take advantage of the fact that the mentioned directory is hidden from administrators. So they insert the files and then send an email with the link to the infected site. So, a zip is downloaded where the ransomware is. If the user executes said file, this ransomware will take care of encrypting the files on the computer. A warning is left as a wallpaper, which is written in Russian, as known.

This warning tells the user to open it as quickly as possible. Unfortunately, there are already some users who have fallen for these tricks. According to the security company, there could be about 500 websites that use WordPress affected.

Although it is not ruled out that they are more. Since WordPress is the most used platform in many cases. So we could see that the number of affected websites is finally greater. We hope to have more data soon.

Zscaler font