
Over 1,000 WordPress sites infected with JavaScript backdoors that allow permanent attacker access


March 6, 2025Ravi LakshmananData Breaches/Website Security

Over 1,000 websites running WordPress have been infected with third-party JavaScript code that injects four separate backdoors.

“Creating four backdoors makes it easier for attackers to have multiple points of re-entry if one is detected and deleted,” C/Side researcher Himanshu Anand said in an analysis Wednesday.

The malicious JavaScript code is served via cdn.csyndication[.]com. At the time of writing, as many as 908 websites contain references to the domain in question.


The functions of the four backdoors are explained below –

  • Backdoor 1, which uploads and installs a fake plugin named “Ultra SEO Processor”, which is then used to run commands issued by the attacker
  • Backdoor 2, which injects malicious JavaScript into wp-config.php
  • Backdoor 3, which adds an attacker-controlled SSH key so that the attacker keeps remote access to the machine
  • Backdoor 4, which runs remote commands and fetches another payload from gsocket[.]io, likely to open a reverse shell

To mitigate the risk posed by the attacks, users are advised to remove rogue SSH keys, rotate WordPress administrative credentials, and monitor system logs for suspicious activity.
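One way to check a site for the indicators reported above, added here as an example and not taken from the article or from c/side: it walks a WordPress directory for the loader domain and the fake plugin name, flags a `<script>` tag in wp-config.php, and lists authorized_keys entries that are not on an allowlist. The function names, finding labels and the `known_keys` allowlist are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Indicators from the article, stored defanged and refanged only for matching.
LOADER_DOMAIN = "cdn.csyndication[.]com".replace("[.]", ".")
FAKE_PLUGIN = "Ultra SEO Processor"
PLUGIN_HEADER = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.I | re.M)
SCANNED = {".php", ".js", ".html", ".htm"}


def read_text(path):
    """Read a file leniently; an unreadable file is treated as empty."""
    try:
        return path.read_text(errors="replace")
    except OSError:
        return ""


def scan_site(wp_root, authorized_keys=None, known_keys=()):
    """Return (kind, location, detail) findings for one WordPress install."""
    findings = []
    for path in sorted(Path(wp_root).rglob("*")):
        if path.suffix.lower() not in SCANNED or not path.is_file():
            continue
        text = read_text(path)
        if LOADER_DOMAIN in text.lower():
            findings.append(("loader-domain", str(path), LOADER_DOMAIN))
        # wp-config.php is server-side configuration and should never emit markup.
        if path.name == "wp-config.php" and re.search(r"<script\b", text, re.I):
            findings.append(("script-in-wp-config", str(path), "<script> tag"))
        # WordPress reads the plugin header from the first 8 KB of the file.
        header = PLUGIN_HEADER.search(text[:8192])
        if header and "plugins" in path.parts and header.group(1).lower() == FAKE_PLUGIN.lower():
            findings.append(("fake-plugin", str(path), header.group(1)))
    if authorized_keys:
        for n, line in enumerate(read_text(Path(authorized_keys)).splitlines(), 1):
            # The base64 key blob starts with "AAAA"; options and key type precede it.
            blob = next((f for f in line.split() if f.startswith("AAAA")), None)
            if blob and not line.lstrip().startswith("#") and blob not in known_keys:
                findings.append(("unknown-ssh-key", f"{authorized_keys}:{n}", blob[:16]))
    return findings


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: scan.py WP_ROOT [AUTHORIZED_KEYS [KNOWN_KEY_BLOB ...]]")
    for finding in scan_site(sys.argv[1], *sys.argv[2:3], known_keys=set(sys.argv[3:])):
        print(*finding, sep="\t")
```

A clean result only means these specific indicators are absent; credentials should still be rotated and logs reviewed as the article advises.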

The development comes as the cybersecurity company detailed another malware campaign in which more than 35,000 websites were compromised with malicious JavaScript used to “fully hijack a user’s browser window” and redirect site visitors to a Chinese gambling platform.

The attacks appear to target, or originate from, regions where Mandarin is common. The final landing page presents gambling content under the “Kaiyun” brand.

The redirects occur via JavaScript hosted on five different domains, which acts as a loader for the main payload responsible for performing the redirect –

  • mlbetjs[.]com
  • ptfafajs[.]com
  • zuizhongjs[.]com
  • jbwzzzjs[.]com
  • jpbkte[.]com


The findings also follow a new report from Group-IB about a threat actor called ScreamedJungle that injects JavaScript code named Bablosoft JS into compromised Magento websites to collect visitor fingerprints. Over 115 e-commerce sites are believed to have been affected so far.

The injected script is “part of the Bablosoft Browser Automation Studio (BAS) suite,” the Singapore company said, adding that it “contains several other features to collect information about the systems and browsers of users accessing compromised websites.”

The attacker is said to be exploiting known vulnerabilities affecting vulnerable Magento versions (CVE-2024-34102 and CVE-2024-20720) to breach the websites. The financially motivated threat actor was first discovered in the wild in late May 2024.

“Browser fingerprinting is a powerful technique commonly used on websites to track user activity and tailor marketing strategies,” Group-IB said. “However, this information is also being utilized by cybercriminals to mimic legitimate user behavior, circumvent security measures and carry out fraudulent activities.”
