Thousands of WordPress websites Are Infecting Users with Spyware - New Report

Posted by yungcrux

Compromised WordPress websites are delivering spyware and PUAs (potentially unwanted applications) to users via fake Flash update messages and fake browser plugins.

In this most recent campaign, the infected websites are serving users a piece of malicious JavaScript code.

This code, when executed in the user's browser, will load an iframe that in turn loads some more JavaScript code that allows it to collect user information and send it to a C&C server.

According to Zscaler, attackers are collecting data like the user's system timestamp, timezone, and Adobe Flash Player version.

This information is sent to various domains, all of which resolve to the same IP address, 91.226.33.54, allocated to a Latvian VPS hosting provider.

Once data on the user's local system is collected and sent to the C&C server, the user is forwarded via a series of quick consecutive redirects to a Web page where, most of the time, the user is served spyware in the form of an Adobe Flash Player update.

On this page, the attackers show a message through which they hope to convince users to install or update their Flash Player. If users take any of these actions, they're delivered an EXE file that installs a variant of the Win32.InstallCore PUA.

Attackers also use fake browser extensions to infect users

Once this PUA is installed, the user is redirected to the real Adobe website, where they are informed that their Flash Player installation failed, and asked to try again, this time from the original & authentic source.

Zscaler researchers also observed that, in some cases, instead of the fake Adobe Flash Player update, users were asked to install various browser add-ons.

All of these are low-level spyware, scareware, adware, and PUAs, but dangerous nevertheless, mainly because they can later be used as entry points for more damaging malware. This is because almost all recent malware strains these days come with the ability to download other viruses and trojans on infected machines.
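
For defenders, the chain described in the post (a request to a host resolving to 91.226.33.54, followed shortly by an executable download) can be hunted in web-proxy logs. The sketch below is an added example, not part of the original post or of Zscaler's report; the log format, hostnames, query strings, MIME-type list and 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

C2_IP = "91.226.33.54"  # the IP address named in the post above
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}  # assumed list

# Constructed sample proxy log; the format is an assumption:
# time client dest_host dest_ip path content_type
SAMPLE_LOG = """\
2015-09-22T10:00:01 10.0.0.5 blog.example.org 203.0.113.10 /index.php text/html
2015-09-22T10:00:02 10.0.0.5 stats.example.net 91.226.33.54 /c?tz=-120&fl=18.0 text/javascript
2015-09-22T10:00:04 10.0.0.5 dl.example.com 198.51.100.7 /flashplayer_update.exe application/x-msdownload
2015-09-22T10:05:00 10.0.0.9 stats2.example.net 91.226.33.54 /c?tz=0&fl=17.0 text/javascript
2015-09-22T11:30:00 10.0.0.9 vendor.example.com 198.51.100.20 /setup.exe application/x-msdownload
2015-09-22T10:07:00 10.0.0.7 vendor.example.com 198.51.100.20 /tool.exe application/x-msdownload
"""

def parse(line):
    ts, client, host, dest_ip, path, ctype = line.split()
    return datetime.fromisoformat(ts), client, host, dest_ip, path, ctype

def is_executable(path, ctype):
    # Match on extension (ignoring the query string) or on a Windows EXE MIME type.
    return path.split("?")[0].lower().endswith(".exe") or ctype in EXE_TYPES

def find_chains(log_text, window=timedelta(seconds=60)):
    """Return (clients that contacted C2_IP, beacon -> EXE chains within window)."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    last_beacon = {}  # client -> (time, host) of its latest request to C2_IP
    beaconing, chains = set(), []
    for ts, client, host, dest_ip, path, ctype in events:
        if dest_ip == C2_IP:
            last_beacon[client] = (ts, host)
            beaconing.add(client)
        elif client in last_beacon and is_executable(path, ctype):
            b_ts, b_host = last_beacon[client]
            # Only correlate downloads that closely follow the beacon; a later,
            # unrelated installer download should not be attributed to it.
            if ts - b_ts <= window:
                chains.append((client, b_host, host + path))
    return sorted(beaconing), chains

if __name__ == "__main__":
    beaconing, chains = find_chains(SAMPLE_LOG)
    print("clients that contacted", C2_IP, ":", beaconing)
    for client, beacon_host, exe_url in chains:
        print(f"{client}: beacon to {beacon_host}, then EXE from {exe_url}")
```

Clients in the first list loaded the injected script and warrant a look even without a download; clients in the second list likely received the fake update and should be checked for the installed PUA.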



 
