WordPress sites are incredibly popular and commonly used, since WordPress lets users create a free website or easily build a blog on WordPress.com with the aid of free, customizable, mobile-ready designs and themes. It also offers free hosting and support, all of which makes it a prime target for malicious attacks. Today, the Sucuri blog reported that a large number of WordPress sites were compromised with the “WordPress visitorTracker_isMob” malware code.
WordPress visitorTracker_isMob Malware
The blog further added that the campaign has been operational for more than 15 days, but only during the final leg of its attack journey did the malware gain traction, affecting a large number of sites and turning blogs into attack sites.
The ultimate objective of the malware campaign is to use as many compromised websites as possible to redirect all their visitors to a Nuclear Exploit Kit landing page. These landing pages will try a wide variety of available browser exploits to infect the computers of unsuspecting visitors.
The malware campaign adds code to all JavaScript files on the site. The malicious code interacts with a secondary backdoor inside the site to force the browser to load a malicious iframe from one of the campaign's Nuclear Exploit Kit landing pages.
The security blog advises users, especially WordPress users, to keep all their plug-ins updated, including the premium ones. It has also dubbed the campaign “VisitorTracker,” since one of the function names used in a malicious JavaScript file is visitorTracker_isMob(). Website administrators can use the Sucuri scanning tool to check whether their site is affected by the ongoing campaign.
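Because the campaign writes its code into the site's JavaScript files and uses the function name visitorTracker_isMob, a site owner can also check a copy of the web root locally. The following is an added example, not code from Sucuri or from the original post; the directory layout and file contents in the sample are constructed, and a match on the name alone is an indicator to investigate, not proof of the full infection.

```python
import os
import sys
import tempfile

MARKER = b"visitorTracker_isMob"  # function name reported for this campaign

def scan_js_tree(root):
    """Walk root and return (hits, total): hits maps each .js path that
    contains MARKER to its 1-based line numbers; total counts .js files read."""
    hits, total = {}, 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # bytes: minified JS may not be valid UTF-8
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            total += 1
            lines = [n for n, ln in enumerate(data.splitlines(), 1) if MARKER in ln]
            if lines:
                hits[path] = lines
    return hits, total

def build_sample_tree(root):
    """Constructed sample input: two marked .js files, one clean, one non-JS file."""
    stub = b"function visitorTracker_isMob(){/* constructed placeholder */}"
    files = {
        "wp-includes/js/core.js": b"var a = 1;\nvar b = 2;\n" + stub + b"\n",
        "wp-content/themes/demo/app.js": b"(function(){})();" + stub,
        "wp-content/plugins/demo/clean.js": b"console.log('ok');\n",
        "readme.txt": b"mentions visitorTracker_isMob but is not JavaScript\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    # Pass a web root as the first argument, or run with none to scan the sample.
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        if root == tmp:
            build_sample_tree(tmp)
        hits, total = scan_js_tree(root)
        for path, lines in sorted(hits.items()):
            print(f"{path}: marker on line(s) {lines}")
        print(f"{len(hits)} of {total} JavaScript files contain the marker")
```

Since the post says the code is added to all JavaScript files, a high ratio of marked files to total files is the pattern to look for; restoring from a clean backup or reinstalling core, theme and plug-in files replaces the modified scripts.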
Incidentally, TheWindowsClub already uses Sucuri to secure its website – so you are safe here!