Naijacrux News:Welcome to Naijacrux Online Forum..Great Place To Get Tips Facts Updates and More ,Interact Discuss & Learn With Others !!.remember to register to enjoy much more update!!!New Updates From Naijacrux -Naijacrux Is Now Mobile Friendly - Download Our Android App On Our Forum Rules And Announcement Section.Our App Will be Live On Google Playstore And IOS Store Soon Aswell - CLICK HERE TO DOWNLOAD NAIJACRUX ANDROID APP !!! Dear Guest And Naijacrux Dedicated Members,!!! ,  You Can Now Receive Naijacrux Weekly New Post and Updates Via Email by Subscribing To Our Newsletter Using The Subscribe Button Above The Naijacrux Announcement And Discussion At The Top Home Page!!Never Miss A New Post And Updates Again.!Thank You.  !!!YOU ARE WELCOME TO NAIJACRUX INFORMATIVE LEARNING AND INTERACTIVE FORUM.This Website is an Intensive Forum of Learning We recommend you Register & Login to Enjoy much free stuffs ::>>Also remember to Update your Profile Immediately after registration. Thank you!>>>!!!!To All Advertisers And Patronizers, kindly Send Mail To Support@naijacrux.com For adverts Placement. thanks!!!


Author Topic: Thousands of WordPress websites Are Infecting Users with Spyware - New Report  (Read 1536 times)

0 Members and 1 Guest are viewing this topic.

Offline yungcrux

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1838
  • Karma: +0/-0
Loading...

Compromised WordPress websites are delivering spyware and PUAs (potentially unwanted applications) to users via fake Flash update messages and fake browser plugins.

In this most recent campaign, the infected websites are serving users a piece of malicious JavaScript code.

This code, when executed in the user's browser, will load an iframe that in turn loads some more JavaScript code that allows it to collect user information and send it to a C&C server.

According to Zscaler, attackers are collecting data like the user's system timestamp, timezone, and Adobe Flash Player version.

This information is sent to various domains, but all of which resolve to the same IP address, 91.226.33.54, allocated to a Latvian VPS hosting provider.

Once data on the user's local system is collected and sent to the C&C server, the user is forwarded via a series of quick consecutive redirects to a Web page where, most of the times, the user is served spyware in the form of an Adobe Flash Player update.

On this page, the attackers show a message through which they hope to convince users to install or update their Flash Player. If users take any of these actions, they're delivered an EXE file that installs a variant of the Win32.InstallCore PUA.

Attackers also use fake browser extensions to infect users

Once this PUA installed, the user is redirected to the real Adobe website, where they are informed that their Flash Player installation failed, and asked to try again, this time from the original & authentic source.

Zscaler researchers also observed that, in some cases, instead of the fake Adobe Flash Player update, users were asked to install various browser add-ons.

All of these are low-level spyware, scareware, adware, and PUAs, but dangerous nevertheless, mainly because they can later be used as entry points for more damaging malware. This is because almost all recent malware strands these days come with the ability to download other viruses and trojans on infected machines.


 

 

Facebook Users Can Now Add a Facebook Messenger Window to their Website

Started by yungcrux

Replies: 0
Views: 1344
Last post December 04, 2015, 12:55:43 AM
by yungcrux
Facebook Disabled Page Scam requesting users Credit Card and PayPal data

Started by newspostng

Replies: 0
Views: 1572
Last post January 07, 2016, 10:33:17 AM
by newspostng
Facebook bans users from posting Scunthorpe , enables profanity filter feature

Started by admin

Replies: 0
Views: 1662
Last post April 06, 2016, 01:26:40 AM
by admin
Twitter to start banning Users for violent threats and abusive behavior

Started by admin

Replies: 0
Views: 1629
Last post December 30, 2015, 11:18:43 PM
by admin
Google and Samsung Give Users a Good Reason to dump Windows 10

Started by yungcrux

Replies: 0
Views: 1631
Last post January 06, 2017, 01:20:42 AM
by yungcrux