HomesecurityMalvertising campaign exploits known vulnerabilities of WordPress

Malvertising campaign exploits known vulnerabilities of WordPress

campaignSome researchers of Defiant have discovered one new malvertising campaign, which he uses vulnerabilities of WordPress, to infects websites with malicious software.

Hackers exploit known vulnerabilities that have been identified in popular add-ons WordPresssuch as "Coming Soon and Maintenance Mode", "Yellow Pencil Visual CSS Style Editor" and "Blog Designer". These add-ons are installed on thousands of websites.

Hackers install a small piece code JavaScript, which installs an add-on malicious code from an external domain and executes it every time, where visitors are browsed to the infringed website.

The malvertising campaign, identified by the Defiant team, provokes the appearance unwanted pop-ups advertisements on sites and on redirecting users to malicious destinations.

In the beginning, the victims are led to a domain that controls the type of the visitor's device. Then, malicious code redirects them to malicious destinations, which can include technical support scams, malicious Android APKs, and various ads.

To carry out the campaign, the hackers they used cross-site scripting (XSS) vulnerabilities, which had been identified in Blog Designer and Coming Soon and Maintenance Mode, and an issue related to authentication that was detected in the Yellow Pencil.

"The vulnerability of Yellow Pencil could allow attackers to take full control of a site," the researchers said.

This vulnerability had been used in another hacking campaign in April.

The vulnerability is detected in the yellow-pencil.php file and can give the attacker administrator rights.

As far as cross-site scripting (XSS) vulnerabilities are concerned, most of them identified in this campaign were sent from IP addresses that were associated with popular hosting providers.

Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement