Sucuri researchers have discovered a new malware campaign aimed at WordPress sites. Once again, cybercriminals are exploiting a vulnerability in the Popup Builder plugin, as they did in January. Unfortunately, there are thousands of websites that have not been updated.
Injector infected over 3,300 sites
Popup Builder is a well-known plugin (more than 200,000 installations) that displays different types of pop-ups for informational, functional and marketing purposes. The vulnerability, tracked as CVE-2023-6000, is present in versions up to 4.2.3 and was used in January to infect about 6,700 WordPress sites.
Sucuri has discovered that a new malware campaign has been under way for about three weeks, exploiting the same cross-site scripting (XSS) vulnerability in the Popup Builder plugin. The report makes it obvious how little attention is paid to security. More than 3,300 sites are infected.
The injector's code is inserted into the custom JS or custom CSS sections of the administrator interface and is stored in a database table. The malware is executed when a pop-up opens or closes. In many cases, the visitor is redirected to phishing pages or to sites that carry malware.
The advice, of course, is to update the plugin (the latest version is 4.2.7). If the infection is already present, administrators need to remove the injected code from the sections mentioned above, but that is only a temporary solution if a vulnerable version of Popup Builder is still in use.