New malware affecting WordPress sites has been detected.
According to Sucuri, the newly identified malware injects a fake admin role, redirects WordPress websites to temporary spammy domains, and adds spam advertisements to the affected sites.
The major difference this time is that a new fake admin is created that remains undetected in the system and gives hackers full access to the site.
Infected websites redirect to other websites with spammy domains like 3cal1ingc0nstant31112123[.]tk or 1sthelper31212123[.]tk (they frequently change). In addition to the redirect, a new rogue admin user “simple001” is created on the infected websites, which gives hackers full access to the sites.
eval(String.fromCharCode(118, 97, 114, 32, 115, 115, 99,redacted...)
The vulnerability seems to appear on websites that use old WordPress themes. So, if you’re using an outdated TagDiv theme like Newspaper or Newsmag, please verify your site with Sucuri’s free SiteCheck scanner.
Sucuri recommends that webmasters update their themes to patch the vulnerability, then inspect the blog for suspicious users, test website settings, change passwords, and scan the server for any backdoors that may have been left behind.
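When reviewing theme files or saved page source for the obfuscated call quoted above, the character codes can be turned back into text without running them. The following is an added example, not code from Sucuri or from the original article; the function name, the host-extraction pattern and the sample input are assumptions made for illustration.

```javascript
// Added example (not Sucuri's code): decode eval(String.fromCharCode(...)) injections
// as plain text for review. The payload is never executed.
const CALL_RE = /eval\s*\(\s*String\.fromCharCode\s*\(([^)]*)\)?/g;
const URL_HOST_RE = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;

function decodeCharCodePayloads(source) {
  const findings = [];
  for (const match of source.matchAll(CALL_RE)) {
    const tokens = match[1].split(',').map((t) => t.trim()).filter((t) => t !== '');
    let complete = match[0].endsWith(')'); // false if the call is cut off
    const chars = [];
    for (const tok of tokens) {
      if (!/^(?:0x[0-9a-f]+|\d+)$/i.test(tok)) {
        complete = false; // non-numeric token, e.g. a "redacted..." marker
        break;
      }
      chars.push(String.fromCharCode(Number(tok)));
    }
    const decoded = chars.join('');
    // Hosts referenced by the decoded script, for blocklists or log searches.
    const hosts = [...decoded.matchAll(URL_HOST_RE)].map((m) => m[1].toLowerCase());
    findings.push({ offset: match.index, complete, decoded, hosts: [...new Set(hosts)] });
  }
  return findings;
}

// Constructed sample input: a harmless string encoded the same way, plus the
// truncated fragment quoted in the article.
const toCodes = (s) => Array.from(s, (c) => c.charCodeAt(0)).join(', ');
const SAMPLE_PLAIN = 'var ssc = "https://redirect.example.invalid/a.js";';
const SAMPLE_PAGE = [
  `<p>post body</p><script>eval(String.fromCharCode(${toCodes(SAMPLE_PLAIN)}))</script>`,
  'eval(String.fromCharCode(118, 97, 114, 32, 115, 115, 99,redacted...)',
].join('\n');

for (const f of decodeCharCodePayloads(SAMPLE_PAGE)) {
  console.log(`offset ${f.offset} complete=${f.complete} hosts=${f.hosts.join(',') || '-'}`);
  console.log(`  decoded: ${f.decoded}`);
}
```

A finding with `complete` set to false means the call was truncated or contained a non-numeric token, so only the leading part of the script was recovered.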