Fake Pirate Bay site pushes Nuclear Exploit Kit, distributes trojans

Visitors to compromised WordPress site were redirected to a fake Pirate Bay website which is distributing malware as part of a drive-by download attack.

WordPress sites are being targeted and injected with a malicious iFrame which directs visitors to a fake Pirate Bay page, according to Malwarebytes. The fake page ultimately pushes the Nuclear Exploit Kit, which offloads a banking trojan via a Flash vulnerability (CVE-2015-0311). 

The malicious site is not maintained by Pirate Bay but instead is a rouge site from the Open Bay project which allowed people to set up clone accounts after the original Pirate Bay was shut down.

Last year web security firm Sucuri exposed a massive campaign of WordPress compromises dubbed “SoakSoak” which allowed people without administrative privilege modify accounts. Researchers believe the hackers may be using similar methods. 

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters