Friday, July 23, 2021

Malware Produces scam online stores on top of hacked WordPress sites

Must Read

U.S DOJ charges 4 Chinese nationals for the global hacking campaign

The Justice Department announced charges against four Chinese nationals on Monday, accusing the men of being part of a...

Armed Forces confirm hacking of their data network

The Malaysian Armed Forces (ATM) verified that there was a cyber assault on its information network yesterday. Armed Forces chief...

Vietnam to shut down Facebook over censorship requests – Source

Vietnam has threatened to close down Facebook from the nation if it doesn't bow to government pressure to pay...

The malware gang poisoned the victims’ XML sitemaps with tens of thousands of scammy entrances, lowering the websites’ SERP ranking.

A brand new cybercrime gang was seen taking overexposed WordPress websites to put in concealed e-commerce shops to hijack the first website’s search engine rank and reputation and market online scams.

The strikes were found earlier this month targeting a WordPress honeypot set up and handled by Larry Cashdollar, a security researcher to the Akamai security group.

The attackers leveraged brute-force strikes to get access to the website’s admin accounts, and they overwrote the WordPress site’s most important index document and appended malicious code.

It was on this particular server in which the whole”business logic” of those strikes happened. By Cashdollar, a Normal attack goes as follows:

The hacked WordPress website redirects the user’s request to observe the website to the malware C&C server.

When an individual fulfills specific standards, the C&C server informs the website to respond with an HTML file containing an internet shop intravenous a huge array of mundane objects.

The hacked website responds to the consumer’s request using a scammy online shop rather than the first website the user wanted to see.

Cashdollar explained that throughout the time that the hackers had access to his honeypot, the attackers hosted over 7,000 e-commerce shops they planned to function to incoming customers.


Additionally, the Akamai researchers said the hackers also created XML sitemaps for its hacked WordPress websites that included entries for the imitation online shops along with the website’s pages that were authentic.

Although this process looked pretty benign, it had a fairly major effect on the WordPress website since it ended up poisoning its own key words with unrelated and scammy entrances that reduced the site’s search engine results page (SERP) rank.

Cashdollar now considers this type of malware might be used to get SEO extortion approaches — in which offender classes intentionally poison a website’s SERP position and then request a ransom to revert the outcomes.

“This leaves them a low-barrier assault for offenders to pull off since they just require a few endangered hosts to begin,” Cashdollar stated. “Given that there are thousands and thousands of left-wing WordPress installations on the internet, and more with obsolete plug-ins or weak qualifications, the possible victim pool is enormous.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This