Mysteriously, a large number of sites running WordPress have been hacked, causing them to deliver crypto-ransomware and other malicious software to visitors. Until last week, web security services were unaware of this massive lapse in security.
Three separate security firms have since come forward to report that visitors to a massive number of legitimate WordPress sites are being silently redirected to malicious sites, which host code from the Nuclear exploit kit.
Users with outdated versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer are highly susceptible to infection with the TeslaCrypt ransomware package. The ransomware encrypts files on the computer, and the decryption key needed to restore them is available only in exchange for a hefty ransom.
“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads,” Malwarebytes Senior Security Researcher Jérôme Segura wrote in a blog post published Wednesday. “This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit.”
“This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files,” website security firm Sucuri said in a blog post on Monday. “This malware uploads multiple backdoors into various locations on the webserver and frequently updates the injected code. This is why many webmasters are experiencing constant reinfections post-cleanup of their .js files.”
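Because the injection described above is appended to otherwise legitimate .js files, a site owner can spot it by comparing the live files against a clean copy of the same WordPress, theme and plugin versions. The following is an added example, not code from Sucuri, Malwarebytes or WordPress; the function names and sample data are hypothetical, and it assumes a trusted clean copy is available. It covers .js files only, so it does not find backdoors stored in other file types.

```python
import os

def read_js_tree(root):
    """Map relative path -> bytes for every .js file under root."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.endswith(".js"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    files[rel] = fh.read()
    return files

def compare_js(clean, live):
    """Classify live .js files against the clean copy.

    'appended'   - clean content intact, extra bytes follow it
    'modified'   - content differs in some other way
    'unexpected' - file is absent from the clean copy
    Returns {relative_path: (status, byte_count)}.
    """
    findings = {}
    for rel, data in sorted(live.items()):
        original = clean.get(rel)
        if original is None:
            findings[rel] = ("unexpected", len(data))
            continue
        if data == original:
            continue
        # Compare against the clean content without its trailing whitespace,
        # so a changed final newline cannot hide an appended payload.
        base = original.rstrip()
        tail = data[len(base):] if data.startswith(base) else None
        if tail is not None and tail.strip():
            findings[rel] = ("appended", len(tail.strip()))
        else:
            findings[rel] = ("modified", 0)
    return findings

def scan(clean_root, live_root):
    """Compare two directory trees, e.g. a fresh download and the web root."""
    return compare_js(read_js_tree(clean_root), read_js_tree(live_root))

# Constructed sample data (harmless placeholders, not real injected code).
CLEAN = {"wp-includes/js/a.js": b"function a(){}\n",
         "wp-includes/js/b.js": b"function b(){}\n"}
LIVE = {"wp-includes/js/a.js": b"function a(){}\nvar injected=1;",
        "wp-includes/js/b.js": b"function b(){}\n",
        "wp-content/uploads/c.js": b"var c;"}
```

Files reported as "appended" can be restored from the clean copy, but the reinfections Sucuri describes mean the scan is worth repeating after cleanup.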