WordPress Injection Anchors Widespread Malware Campaign

Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible.
The downloader malware known as Gootloader is poisoning websites globally as part of an extensive drive-by and watering-hole cybercampaign that abuses WordPress sites by injecting them with hundreds of pages of fake content.
The adversaries have so far delivered the Cobalt Strike intrusion tool, the Gootkit banking trojan or the REvil ransomware, according to a forensic analysis.
Researchers with eSentire spotted a Gootloader campaign in December, infiltrating dozens of legitimate websites involved in the hotel industry, high-end retail, education, healthcare, music and visual arts, among others. All of the compromised sites run on WordPress.
March 5, 2021