Saturday, October 16, 2021

Malware creates scam online stores on top of hacked WordPress sites


The malware gang poisoned the victims’ XML sitemaps with tens of thousands of scammy entries, lowering the websites’ SERP ranking.

A new cybercrime gang has been seen taking over exposed WordPress websites to install concealed e-commerce shops, with the aim of hijacking the original website’s search engine ranking and reputation to promote online scams.

The attacks were found earlier this month targeting a WordPress honeypot set up and managed by Larry Cashdollar, a security researcher on the Akamai security team.

The attackers used brute-force attacks to gain access to the website’s admin accounts, then overwrote the WordPress site’s main index file and appended malicious code.

It was on this particular server that the whole “business logic” of the attacks happened. According to Cashdollar, a typical attack goes as follows:

The hacked WordPress website redirects the user’s request to view the site to the malware C&C server.

If the user meets specific criteria, the C&C server tells the website to respond with an HTML file containing an online shop offering a huge array of mundane objects.

The hacked website responds to the user’s request with a scammy online shop rather than the original website the user wanted to see.

Cashdollar said that during the time the hackers had access to his honeypot, they hosted over 7,000 e-commerce shops that they planned to serve to incoming visitors.


Additionally, the Akamai researchers said the hackers also created XML sitemaps for the hacked WordPress websites that included entries for the fake online shops alongside the website’s authentic pages.

Although this process looked fairly benign, it had a major effect on the WordPress website, since it ended up poisoning the site’s keywords with unrelated and scammy entries that reduced its search engine results page (SERP) ranking.
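One way a site owner could check for this kind of sitemap poisoning, as an added example that is not from Akamai or the original article: compare the sitemap's entries against a list of URLs known to be legitimate. The host `example.com`, the paths, the baseline set and the function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

def sitemap_urls(xml_text):
    """Return every <loc> value from a sitemap document."""
    if "<!DOCTYPE" in xml_text.upper():
        # The file may be attacker-written; sitemaps never need a DTD.
        raise ValueError("sitemap contains a DOCTYPE, refusing to parse")
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iterfind(".//sm:loc", NS) if el.text]

def audit_sitemap(xml_text, site_host, baseline):
    """Compare sitemap entries with URLs the site owner knows are real.

    Returns (off_host, unknown, clusters): entries on another host, same-host
    entries missing from the baseline, and a count of unknown entries per
    first path segment (bulk-injected pages tend to cluster).
    """
    off_host, unknown = [], []
    for url in sitemap_urls(xml_text):
        if urlsplit(url).hostname != site_host:
            off_host.append(url)
        elif url not in baseline:
            unknown.append(url)
    clusters = Counter(urlsplit(u).path.strip("/").split("/")[0] for u in unknown)
    return off_host, unknown, clusters

# Constructed sample data: hosts and paths are placeholders.
BASELINE = {"https://example.com/", "https://example.com/about/"}
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>https://example.com/about/</loc></url>
  <url><loc>https://example.com/shop-a1/cheap-widgets.html</loc></url>
  <url><loc>https://example.com/shop-a1/discount-kettles.html</loc></url>
  <url><loc>https://shop.example.net/deal.html</loc></url>
</urlset>"""

if __name__ == "__main__":
    off_host, unknown, clusters = audit_sitemap(SAMPLE, "example.com", BASELINE)
    print("off-host entries:", off_host)
    print("unknown entries:", unknown)
    print("clusters:", clusters.most_common())
```

The baseline would normally come from the site's own list of published pages or a sitemap saved while the site was known to be clean.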

Cashdollar now believes this type of malware could be used for SEO extortion schemes, in which criminal groups intentionally poison a website’s SERP ranking and then demand a ransom to revert the effects.

“This leaves them a low-barrier assault for offenders to pull off since they just require a few endangered hosts to begin,” Cashdollar stated. “Given that there are thousands and thousands of left-wing WordPress installations on the internet, and more with obsolete plug-ins or weak qualifications, the possible victim pool is enormous.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
