-: FOLLOW US :- @theinsaneapp
Security firm Sucuri found 10,890 websites infected with a backdoor that redirects visitors to sites that generate fraudulent views of Google Adsense ads.
All of the infected websites run the WordPress content management system and have an obfuscated PHP script injected into legitimate files.
The additional injected code works as a backdoor that allows the malware to survive disinfection attempts by loading itself into files that run when the targeted server is restarted.
The backdoors download additional shells and a Leaf PHP mailer script from a remote domain filestack[.]live and place them in files with random names in wp-includes, wp-admin and wp-content directories.
The malware is lodged within the wp-blog-header.php file and will execute whenever the website is loaded and re-infect the website.
The malware hides its presence from operators when a visitor is logged in as an administrator or has visited an infected site within the past two or six hours.
The malicious code is obfuscated using Base64 encoding, making it difficult to detect.
Sucuri researcher Ben Martin reported the findings.
Infected websites redirect their visitors to generate fraudulent views of Google Adsense ads.
Website owners need to take action to remove the malware from their sites to avoid further damage.
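A triage sketch for the indicators described above, added here as an example and not Sucuri's tooling: it checks wp-blog-header.php and the wp-includes, wp-admin and wp-content directories for quoted Base64 literals that decode to PHP execution calls or to the filestack[.]live domain. The function names, the 40-character literal threshold and the decode depth of 3 are assumptions.

```python
import base64, binascii, os, re, sys

IOC_DOMAIN = b"filestack.live"   # domain named in the article (defanged there)
WP_DIRS = ("wp-includes", "wp-admin", "wp-content")
B64_LITERAL = re.compile(rb"[\"']([A-Za-z0-9+/]{40,}={0,2})[\"']")  # assumed threshold
EXEC_CALLS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(")

def decoded_layers(data, depth=3):
    """Yield data, then whatever its quoted Base64 literals decode to (nested)."""
    yield data
    if depth == 0:
        return
    for m in B64_LITERAL.finditer(data):
        try:
            inner = base64.b64decode(m.group(1))
        except (binascii.Error, ValueError):
            continue  # not valid Base64 after all
        yield from decoded_layers(inner, depth - 1)

def inspect_php(path):
    """Return sorted reasons why this file matches the injection described above."""
    with open(path, "rb") as fh:
        layers = list(decoded_layers(fh.read()))
    reasons = set()
    if any(IOC_DOMAIN in layer for layer in layers):
        reasons.add("references filestack.live")
    if any(EXEC_CALLS.search(layer) for layer in layers[1:]):
        reasons.add("Base64 literal decodes to executable PHP")
    if os.path.basename(path) == "wp-blog-header.php" and EXEC_CALLS.search(layers[0]):
        reasons.add("wp-blog-header.php calls eval/base64_decode")  # stock file has neither
    return sorted(reasons)

def scan_wordpress(root):
    """Check wp-blog-header.php and every .php file under the three directories."""
    candidates = [os.path.join(root, "wp-blog-header.php")]
    for d in WP_DIRS:
        for base, _, files in os.walk(os.path.join(root, d)):
            candidates += [os.path.join(base, f) for f in files if f.endswith(".php")]
    findings = {}
    for path in candidates:
        reasons = inspect_php(path) if os.path.isfile(path) else []
        if reasons:
            findings[os.path.relpath(path, root)] = reasons
    return findings

if __name__ == "__main__":
    for rel, why in scan_wordpress(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(rel, "->", "; ".join(why))
```

An empty result does not prove a site is clean, since the sketch only unwraps quoted Base64 literals and the article does not describe the obfuscation in more detail than that.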