WordPress Sites Compromised by JavaScript Backdoors

More than 1,000 WordPress websites have been infected with four different backdoors through malicious JavaScript code spread via the cdn.csyndication[.]com domain, which is referenced across 908 websites, reports The Hacker News.

The first payload facilitates the installation of a fraudulent plugin for command execution, and the second injects malicious JavaScript into websites' wp-config.php file. Of the other two, one allows persistent remote access and the other allows both command execution and additional payload retrieval, according to an investigation from web security firm c/side.

WordPress site admins should rotate credentials, remove unauthorized SSH keys, and watch for suspicious network activity.
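
As an added example (not code from the report or from c/side), the Python sketch below covers two of the cleanup checks above: finding site files that reference the reported domain, and listing `authorized_keys` entries that are not on an approved list. The function names, the scanned file extensions and the sample key blobs are assumptions made for this illustration.

```python
import os
import tempfile

# Domain as printed in the report, re-fanged only for string matching.
IOC_DOMAIN = "cdn.csyndication[.]com".replace("[.]", ".")
SCAN_EXTENSIONS = (".php", ".js", ".html", ".htm")  # assumed file types

def find_ioc_references(web_root, needle=IOC_DOMAIN):
    """Return sorted (relative_path, line_no) pairs that mention the domain."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line_no, line in enumerate(fh, 1):
                        if needle.lower() in line.lower():
                            hits.append((os.path.relpath(path, web_root), line_no))
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
    return sorted(hits)

def unexpected_ssh_keys(authorized_keys_text, approved_blobs):
    """Return authorized_keys lines whose base64 key blob is not approved."""
    flagged = []
    for raw in authorized_keys_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # The blob is the field after the key type; options may come first.
        blob = next((fields[i + 1] for i, f in enumerate(fields[:-1])
                     if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if blob is None or blob not in approved_blobs:
            flagged.append(line)  # unknown or malformed: review by hand
    return flagged

if __name__ == "__main__":
    # Constructed sample data, not taken from any real site.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "wp-config.php"), "w") as fh:
            fh.write("<?php\n// <script src='https://%s/x.js'></script>\n" % IOC_DOMAIN)
        print(find_ioc_references(root))
    keys = "ssh-ed25519 AAAAexampleApproved admin\nssh-rsa AAAAexampleUnknown\n"
    print(unexpected_ssh_keys(keys, {"AAAAexampleApproved"}))
```

A hit from either function is a lead for manual review, not proof of compromise or of a clean site.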

An earlier c/side report detailed the use of malicious JavaScript to take over 35,000 websites, which redirected to Chinese-language gambling sites. Group-IB also reported that another malicious JavaScript code, dubbed "Bablosoft JS," was leveraged by the ScreamedJungle threat actor to compromise fingerprints collected in vulnerable Magento websites.