
Author Topic: Thousands of WordPress websites Are Infecting Users with Spyware - New Report  (Read 265 times)


Offline yungcrux


Compromised WordPress websites are delivering spyware and PUAs (potentially unwanted applications) to users via fake Flash update messages and fake browser plugins.

In this most recent campaign, the infected websites are serving users a piece of malicious JavaScript code.

This code, when executed in the user's browser, will load an iframe that in turn loads some more JavaScript code that allows it to collect user information and send it to a C&C server.

According to Zscaler, attackers are collecting data like the user's system timestamp, timezone, and Adobe Flash Player version.

This information is sent to various domains, all of which resolve to the same IP address, allocated to a Latvian VPS hosting provider.

Once data on the user's local system is collected and sent to the C&C server, the user is forwarded via a series of quick consecutive redirects to a Web page where, most of the time, the user is served spyware in the form of an Adobe Flash Player update.

On this page, the attackers show a message through which they hope to convince users to install or update their Flash Player. If users take any of these actions, they're delivered an EXE file that installs a variant of the Win32.InstallCore PUA.

Attackers also use fake browser extensions to infect users

Once this PUA is installed, the user is redirected to the real Adobe website, where they are informed that their Flash Player installation failed, and asked to try again, this time from the original & authentic source.

Zscaler researchers also observed that, in some cases, instead of the fake Adobe Flash Player update, users were asked to install various browser add-ons.

All of these are low-level spyware, scareware, adware, and PUAs, but dangerous nevertheless, mainly because they can later be used as entry points for more damaging malware. This is because almost all recent malware strains these days come with the ability to download other viruses and trojans on infected machines.
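The chain described in the post (several domains on one IP address, quick redirects, then a Flash-named EXE from a non-Adobe host) can be hunted for in web proxy logs. The sketch below is an added example, not part of the original post or the Zscaler report; the log layout, host names, IP addresses and the 10-second window are constructed assumptions.

```python
from collections import defaultdict

# Constructed proxy-log records (not from the report):
# (epoch seconds, client, host, resolved IP, path, content type)
SAMPLE_LOG = [
    (1000.0, "10.0.0.5", "blog.example", "198.51.100.7", "/post/1", "text/html"),
    (1000.4, "10.0.0.5", "stats-a.example", "203.0.113.9", "/c.php?tz=-60", "text/html"),
    (1000.9, "10.0.0.5", "stats-b.example", "203.0.113.9", "/r", "text/html"),
    (1001.5, "10.0.0.5", "update.example", "192.0.2.44",
     "/flashplayer_update.exe", "application/x-msdownload"),
    (2000.0, "10.0.0.8", "get.adobe.com", "192.0.2.80",
     "/flashplayer/install_flashplayer.exe", "application/x-msdownload"),
    (3000.0, "10.0.0.9", "cdn-a.example", "203.0.113.20", "/a.js", "text/javascript"),
    (3600.0, "10.0.0.9", "cdn-b.example", "203.0.113.20",
     "/setup_flash.exe", "application/x-msdownload"),
]
WINDOW = 10.0  # assumed bound, in seconds, for "quick consecutive redirects"
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}

def is_adobe(host):
    return host == "adobe.com" or host.endswith(".adobe.com")

def is_fake_flash_download(rec):
    """Executable whose file name mentions Flash, served by a non-Adobe host."""
    _, _, host, _, path, ctype = rec
    name = path.rsplit("/", 1)[-1].split("?")[0].lower()
    looks_exe = name.endswith(".exe") or ctype in EXE_TYPES
    return looks_exe and "flash" in name and not is_adobe(host)

def find_chains(log, window=WINDOW):
    """Flag downloads preceded, within `window`, by 2+ hosts sharing one IP."""
    by_client = defaultdict(list)
    for rec in sorted(log):  # tuples sort by timestamp first
        by_client[rec[1]].append(rec)
    alerts = []
    for client, recs in by_client.items():
        for i, rec in enumerate(recs):
            if not is_fake_flash_download(rec):
                continue
            hosts_by_ip = defaultdict(set)
            for prev in recs[:i]:
                if rec[0] - prev[0] <= window:
                    hosts_by_ip[prev[3]].add(prev[2])
            shared = {ip: sorted(h) for ip, h in hosts_by_ip.items() if len(h) >= 2}
            if shared:
                alerts.append({"client": client, "download": rec[2] + rec[4],
                               "shared_ip_hosts": shared})
    return alerts
```

On the constructed sample only the first client is flagged: the genuine Adobe download and the Flash-named EXE with no preceding shared-IP chain inside the window are both ignored.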

