Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Exploit Kit Hiding as Social Buttons on Hacked WordPress and Joomla Sites
#1
[Image: exploit-kit-hiding-as-social-buttons-on-...3230-2.jpg]
Security researchers from Malwarebytes uncovered today a new trick used by malware distributors that rely on sneaky domain names that fool webmasters into thinking (malicious) code that mysteriously appeared on their site is responsible for powering a social sharing button.
For this trick to work, attackers must first hack into the webmaster's website. Malwarebytes says they've seen this happen on a series of Joomla and WordPress installations, which doesn't surprise us since this happens quite a lot lately.
Once the attacker has compromised the site, he adds his malicious JavaScript call to the site's source code in the form of something like "http://social-button.site/analytics.js". Of course, other domains will also work (socialplugin.io, etc.).
If webmasters suspect anything, a quick inspection over the code might fool him into thinking he's looking at a social sharing plugin's JavaScript file.
Accessing the file directly in a browser yields actual JavaScript code with no malicious intent. When users access the infected site, this code gets loaded in their browser with the proper referrer settings, and the innocent code gets replaced by something more dangerous.
This malicious version of the so-called "social sharing analytics" code will redirect users through a series of intermediary points, eventually landing on a page hosting the Angler exploit kit.
If the user is using an outdated browser or outdated browser plugins, Angler will execute malicious routines and deliver the Bedep click-fraud malware.

[Image: exploit-kit-hiding-as-social-buttons-on-...3230-3.png]

source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  700,000 WordPress Sites Vulnerable to Takeover, No Fix Available mrtrout 0 104 11-12-2024 , 11:32 PM
Last Post: mrtrout
  Almost 2,000 Exchange servers hacked using ProxyShell exploit mrtrout 0 746 08-27-2021 , 06:40 AM
Last Post: mrtrout
  Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws Bjyda 0 1,077 03-28-2021 , 12:06 PM
Last Post: Bjyda
  smashingsecurity Episode 204 Green buttons, Olympic attacks, and... an apology mrtrout 0 1,168 11-12-2020 , 02:50 AM
Last Post: mrtrout
  Update Hiding in a plain sight: APT comes into a market... guardian 0 1,702 04-27-2020 , 12:05 PM
Last Post: guardian



Users browsing this thread: 3 Guest(s)