Cloud Security

Thousands of WordPress sites impacted by Sign1 malware campaign

Stickers, buttons and pencils with the WordPress logo are seen in a pile.

BleepingComputer reports that more than 39,000 WordPress sites have been compromised to display popup ads and redirects as part of the widespread Sign1 malware campaign during the past six months, with 2,500 sites infected since January alone.

Threat actors behind the campaign have deployed brute-force attacks to infiltrate WordPress sites before exploiting HTML widgets and the Simple Custom CSS and JSS plugin to facilitate Sign1 malware injection, according to a report from Sucuri. Time-based randomization has been leveraged by the malware to produce dynamic URLs that enable the retrieval of malicious code, researchers said. Such a code, which allows not only XOR encoding but also specific cookie and referrer tracking to better target individuals visiting Google, Instagram, Facebook, and Yahoo, then activates popups and redirects to fraudulent sites with lures to activate browser notifications. Website administrators have been urged to strengthen their credentials, ensure updated plugins, and remove unneeded add-ons to prevent compromise.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.