According Sucuri Nearly 2,000 Websites are compromised with iFrames vulnerability in WordPress OptimizePress Theme, all of the contaminated websites that are reviewed and cleared using OptmizePress, and they all had the same iFrame injected.
Google also started to blacklist the compromised sites, and just for this one iFrame variation, they blacklisted almost 1,500 sites.
The vulnerability file path location is at "lib/admin/media-upload.php" location that allows anyone to upload any kind of files to the "wp-content/uploads/optpress/images_comingsoon" folder.
This malware is a lot smarter, hiding itself using multiple encoding variations, If we decoded, the malware “mothership” on one of the IP’s will get the updated injection.
If you have been hit, take a look at your theme and plugin files, you will likely find all of them injected with a payload.
If you want protecthis vulnerability you need to update your OptmizePress installations ASAP to prevent the reinfections.
No comments:
Post a Comment