Security researchers from the Wordfence Incident Response team have issued a malware threat alert for websites hosted on the GoDaddy Managed Hosting service. The alert, issued by the WordPress security analysis team, concerns backdoor malware that has been infecting sites since March 11th of this year.
Of the 298 websites detected with the malware, 281 were hosted on GoDaddy and showed infection in the wp-config.php file.
It is unclear whether the attack campaign is related to the ongoing Russian war on Ukraine, but the malware has been found generating spam-filled Google Search results that infect the site and, thereafter, its visitors.
The intrusion vector for this malware is yet to be ascertained, but in November last year, GoDaddy officially confirmed that its servers had been unlawfully accessed by hackers who stole information related to 1.2 million WordPress customers.
So, all those hosting content on the WordPress platform, including 123Reg, tsoHost, MediaTemple, Domain Factory, Heart Internet, and Host Europe Managed WordPress sites, should monitor the wp-config.php file or scan for any malware intrusion using a free WordPress scanner.
Details on how to clean a hacked WordPress website are already available on the web and on GoDaddy's support page.
Note 1: If your web portal has been infected, it would have been suspended by the Managed Service Provider (MSP) by now.
Note 2: In May 2020, it was revealed that a cyber attack that hit the said MSP affected about 19 million customers. Investigations launched later revealed that the servers were affected in October 2019, but the infection was detected in April 2020. The web service provider, which has a database of over 76 million domains, issued an apology and said that account details of customers connecting to Secure Shell (SSH) were fraudulently accessed by cybercriminals between Oct’19 and April’20.