hacking

Spike in WordPress Expose It To Ransomware.

Massive flaws has been discovered in WordPress which delivers ransomware to the visitors. A spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. People having outdated version of  Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer  are more vulnerable while surfing infected WordPress website.

The malware tries to infect all accessible .js files which means all the domain name hosted in a hosting account might get infected.

admedia-injection-640x411

Surprisingly,all the infected domain name is being pointed to  46.101.84.214178.62.37.217178.62.37.131, 178.62.90.65 network of Digital Ocean.

According to the Securi, some of the featurs of this malware are:

  1. 32 hex digit comments at the beginning and end of the malicious code. E.g. /*e8def60c62ec31519121bfdb43fa078f*/ This comment is unique on every infected site. Most likely an MD5 hash based on the domain name.
  2. The first comment is immediately followed by  ;window[“\x64\x6f…. and a long array of string constants in their hexadecimal representation.
  3. It always ends with “.join(\”\”);”));

 



READ THIS ALSO  Top Hacking and Penetration Linux Operating System.