#QuickTakes By

11,000 Sites Affected By This Malware

-: FOLLOW US :-  @theinsaneapp

Security firm Sucuri found 10,890 websites infected with a backdoor that redirects visitors to sites that generate fraudulent views of Google Adsense ads.

All of the infected websites run the WordPress content management system and have an obfuscated PHP script injected into legitimate files.

The additional injected code works as a backdoor that allows the malware to survive disinfection attempts by loading itself into files that run when the targeted server is restarted.

The backdoors download additional shells and a Leaf PHP mailer script from a remote domain filestack[.]live and place them in files with random names in wp-includes, wp-admin and wp-content directories.

The malware is lodged within the wp-blog-header.php file and will execute whenever the website is loaded and re-infect the website.

The malware hides its presence from operators when a visitor is logged in as an administrator or has visited an infected site within the past two or six hours.

The malicious code is obfuscated, using Base64 encoding, making it difficult to detect.

Sucuri researcher Ben Martin reported the findings.

Infected websites are used to generate fraudulent views of Google Adsense ads.

Website owners need to take action to remove the malware from their sites to avoid further damage.
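
A triage scan for the pattern described above (Base64-obfuscated PHP in wp-blog-header.php and in files under wp-includes, wp-admin and wp-content), added here as an example and not taken from Sucuri's report. The regex heuristics, reason labels and the sample tree (including the file name x7f3kq.php) are constructed assumptions; legitimate plugins can trip them too, so hits are files to review, not confirmed infections.

```python
import base64
import re
import tempfile
from pathlib import Path

# Locations named in the article; the heuristics are generic assumptions, not Sucuri's signature.
ENTRY_FILE = "wp-blog-header.php"
SCAN_DIRS = ("wp-includes", "wp-admin", "wp-content")
EXEC_DECODE = re.compile(rb"eval\s*\(\s*(?:@?\w+\s*\(\s*)*base64_decode\s*\(", re.I)
LONG_B64 = re.compile(rb"[\"']([A-Za-z0-9+/]{200,}={0,2})[\"']")
CODE_HINT = re.compile(rb"<\?php|eval\s*\(|https?://", re.I)

def inspect_php(data: bytes) -> list:
    """Return the reasons a PHP file looks like it carries a Base64-wrapped payload."""
    reasons = []
    if EXEC_DECODE.search(data):
        reasons.append("eval-of-base64_decode")
    for match in LONG_B64.finditer(data):
        try:
            if CODE_HINT.search(base64.b64decode(match.group(1), validate=True)):
                return reasons + ["base64-literal-decodes-to-code"]
        except ValueError:  # looked like Base64 but does not decode
            continue
    return reasons

def scan_wordpress(root) -> dict:
    """Map relative path -> reasons for every suspicious PHP file under root."""
    root = Path(root)
    paths = [root / ENTRY_FILE]
    for name in SCAN_DIRS:
        paths += sorted((root / name).rglob("*.php")) if (root / name).is_dir() else []
    findings = {}
    for path in paths:
        reasons = inspect_php(path.read_bytes()) if path.is_file() else []
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo() -> dict:
    # Constructed sample tree: a harmless placeholder blob in two files, one clean file.
    blob = base64.b64encode(b"<?php /* constructed placeholder */ ?>" * 6).decode()
    files = {ENTRY_FILE: f"<?php eval(base64_decode('{blob}')); ?>",
             "wp-includes/x7f3kq.php": f'<?php $d = "{blob}"; ?>',
             "wp-content/index.php": "<?php // Silence is golden."}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in files.items():
            (Path(tmp) / rel).parent.mkdir(exist_ok=True)
            (Path(tmp) / rel).write_text(text)
        return scan_wordpress(tmp)
```

Point `scan_wordpress()` at a copy of the site's document root; comparing flagged core files against a clean WordPress download of the same version is the natural follow-up.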
