Malicious admin users get added to vulnerable WordPress sites often. This can happen in a variety of different ways, and sometimes the malware that creates these malicious users can hide in plain sight. Review this blog piece to read more about a fake WordPress admin creator.
Injecting a malicious admin user into a WordPress site can allow attackers easy access back into a victim's website after it has been cleaned. It is always recommended to review the WordPress administrators on your site often to best secure your site.
Important questions to ask when reviewing WordPress Admins
Some important questions to ask when determining whether a WordPress admin user is legitimate or not:
Do I recognize this WordPress admin?
Does the email address associated with the admin user appear safe?
When was this admin user created?
Does this admin user have any legitimate content attached to it?
Did I or someone from my team add this admin user?
An in-depth look at two pieces of malware that redirect victims to spammy casino websites. The discovery of two distinct infections within a singular site constitutes a significant finding, underscoring the importance of vigilant maintenance of updates and their inherent value.
Vulnerabilities within WordPress can lead to compromise, and oftentimes known vulnerabilities are utilized to infect WordPress sites with more than one infection. It is common for out-of-date websites to be attacked by multiple threat actors or targeted by the same attacker using multiple different channels.
We recently came across a database injection that has two different pieces of malware accomplishing two unrelated goals. The first injection redirects users to a spammy sports website, and the second injection boosts the authority of a spammy casino website within search engines.
An in-depth look at a piece of malware that redirects victims to a fake malicious website by mimicking a popular domain. It was quite fun researching this fake domain and writing a blog piece on it that is featured on the Sucuri Blog.
A recent infection has been making its rounds across vulnerable WordPress sites, detected on over 160 websites so far at the time of writing. The infection is injected at the top of legitimate JavaScript files and executes a script from the following malicious domain: https://jquery0[.]com/JkrJYcvQ
At first glance, this domain appears to be legitimate. However, attackers deliberately chose the domain name to deceive webmasters. It's nearly identical to https://jquery.com, a website belonging to the popular JavaScript library jQuery.