Random Pagan Verse:
It is best for man to be middle-wise,
Not over cunning and clever:
No man is able to know his future,
So let him sleep in peace.

Author Topic: Thousands of WordPress websites Are Infecting Users with Spyware - New Report  (Read 375 times)

Offline yungcrux (OP)

  • Global Moderator
  • Hero Member
  • *****
  • Date Registered: Sep 2015
  • Posts: 1034
  • Karma: +0/-0
    • View Profile

Compromised WordPress websites are delivering spyware and PUAs (potentially unwanted applications) to users via fake Flash update messages and fake browser plugins.

In this most recent campaign, the infected websites are serving users a piece of malicious JavaScript code.

This code, when executed in the user's browser, will load an iframe that in turn loads some more JavaScript code that allows it to collect user information and send it to a C&C server.

According to Zscaler, attackers are collecting data like the user's system timestamp, timezone, and Adobe Flash Player version.

This information is sent to various domains, but all of which resolve to the same IP address,, allocated to a Latvian VPS hosting provider.

Once data on the user's local system is collected and sent to the C&C server, the user is forwarded via a series of quick consecutive redirects to a Web page where, most of the times, the user is served spyware in the form of an Adobe Flash Player update.

On this page, the attackers show a message through which they hope to convince users to install or update their Flash Player. If users take any of these actions, they're delivered an EXE file that installs a variant of the Win32.InstallCore PUA.

Attackers also use fake browser extensions to infect users

Once this PUA installed, the user is redirected to the real Adobe website, where they are informed that their Flash Player installation failed, and asked to try again, this time from the original & authentic source.

Zscaler researchers also observed that, in some cases, instead of the fake Adobe Flash Player update, users were asked to install various browser add-ons.

All of these are low-level spyware, scareware, adware, and PUAs, but dangerous nevertheless, mainly because they can later be used as entry points for more damaging malware. This is because almost all recent malware strands these days come with the ability to download other viruses and trojans on infected machines.



Facebook Users Can Now Add a Facebook Messenger Window to their Website

Started by yungcrux

Replies: 0
Views: 265
Last post December 04, 2015, 12:55:43 AM
by yungcrux
Facebook Disabled Page Scam requesting users Credit Card and PayPal data

Started by newspostng

Replies: 0
Views: 349
Last post January 07, 2016, 10:33:17 AM
by newspostng
Facebook bans users from posting Scunthorpe , enables profanity filter feature

Started by admin

Replies: 0
Views: 332
Last post April 06, 2016, 01:26:40 AM
by admin
Twitter to start banning Users for violent threats and abusive behavior

Started by admin

Replies: 0
Views: 214
Last post December 30, 2015, 11:18:43 PM
by admin
Google and Samsung Give Users a Good Reason to dump Windows 10

Started by yungcrux

Replies: 0
Views: 371
Last post January 06, 2017, 01:20:42 AM
by yungcrux
Microsoft to discontinue Its PDF Reader, Wants Users to Switch to Edge Browser

Started by guruslodge

Replies: 0
Views: 208
Last post November 22, 2017, 07:01:04 AM
by guruslodge
Microsoft denies Forcing users to Upgrade to Windows 10

Started by admin

Replies: 0
Views: 264
Last post March 16, 2016, 12:38:17 AM
by admin
Facebook to Notify Users When their Photos Are Uploaded

Started by punch

Replies: 0
Views: 483
Last post December 20, 2017, 07:10:53 AM
by punch
Facebook users Hits One billion in a day

Started by internet police

Replies: 0
Views: 548
Last post August 28, 2015, 03:42:26 PM
by internet police
Pinterest users hit 100 million worldwide

Started by admin

Replies: 0
Views: 422
Last post September 22, 2015, 06:34:17 PM
by admin