Technology News

New WordPress Security Alert: Malware injecting Ads & Fake Admin Found

This article was updated on August 6th, 2020 at 05:57 am

New malware affecting WordPress sites has been detected.

According to Sucuri, newly identified malware injects a fake admin role, redirects WordPress websites to temporary spammy domains, and adds spam advertisements to WordPress sites.

This is not a new kind of security alert; it seems to be a variant of the old JavaScript injection method, in which malicious JavaScript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites is added undetected to WordPress websites.

The major difference this time is that a new fake admin is created that remains undetected in the system and gives hackers full access to the site.

Infected websites redirect to other websites with spammy domains like 3cal1ingc0nstant31112123[.]tk or 1sthelper31212123[.]tk (they frequently change). In addition to the redirect, a new rogue admin user “simple001” is created on the infected websites, which gives hackers full access to the sites.

The malicious JavaScript can be located in the theme options (including ad configuration, custom JavaScript, and other fields). Look for the following line:

eval(String.fromCharCode(118, 97, 114, 32, 115, 115, 99,redacted...)

The injected JavaScript includes and executes remote, more sophisticated JavaScript code from: hxxps://json.stringengines[.]com/redacted.js

The vulnerability seems to appear on websites that use old WordPress themes. So, if you’re using an outdated TagDiv theme like Newspaper or Newsmag, please verify through Sucuri’s free SiteCheck scanner.

Sucuri recommends that webmasters update the themes to patch the vulnerability, then inspect the blog for suspicious users, test website settings, change passwords, and scan the server for any backdoors that may have been left behind.
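The two checks described above (finding the obfuscated eval line in theme option values and spotting administrator accounts nobody approved) can be scripted. The following is an added example, not code from Sucuri or from this article; it assumes you have already exported option values and the user list from the database, and the option names, function names and sample users are hypothetical.

```python
import re

# eval(String.fromCharCode(<decimal codes>...; the closing parenthesis is not
# required, so truncated or redacted values still match.
OBFUSCATED_EVAL = re.compile(
    r"eval\s*\(\s*String\s*\.\s*fromCharCode\s*\(\s*((?:\d+\s*,\s*)*\d+)"
)

def decode_charcodes(csv_codes):
    """Decode '118, 97, 114' to 'var' for human review. Nothing is executed."""
    codes = (int(n) for n in csv_codes.split(","))
    return "".join(chr(c) for c in codes if c < 0x110000)

def scan_options(options):
    """options: {option_name: stored string}. Returns [(name, decoded_text)]."""
    return [
        (name, decode_charcodes(m.group(1)))
        for name, value in options.items()
        for m in OBFUSCATED_EVAL.finditer(value)
    ]

def unexpected_admins(users, expected_admins):
    """users: [(login, role)]. Returns administrator logins nobody approved."""
    return sorted(
        login for login, role in users
        if role == "administrator" and login not in expected_admins
    )

# Constructed sample data. The first value is the redacted line quoted in the
# article; option names, the benign value and the user list are made up.
SAMPLE_OPTIONS = {
    "theme_custom_js": "eval(String.fromCharCode(118, 97, 114, 32, 115, 115, 99,redacted...)",
    "theme_ad_header": "<div class='ad-slot'></div>",
}
SAMPLE_USERS = [("editor_amy", "editor"), ("siteowner", "administrator"),
                ("simple001", "administrator")]

if __name__ == "__main__":
    for name, decoded in scan_options(SAMPLE_OPTIONS):
        print(f"[!] {name}: obfuscated eval, decodes to {decoded!r}")
    for login in unexpected_admins(SAMPLE_USERS, {"siteowner"}):
        print(f"[!] unexpected administrator account: {login}")
```

Comparing against an allowlist of approved administrators, rather than only the name “simple001”, still catches the account if the attackers rename it.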

