WordPress and Joomla websites serving ransomware


Research by cloud-based information security company Zscaler says that websites built on WordPress and Joomla are now reportedly acting as platforms for hackers to distribute ransomware and phishing links.

Zscaler security experts say that cyber crooks are exploiting vulnerabilities in these platforms to serve Shade ransomware and other malicious content.

Technically speaking, a report from the San Jose-based company says that attackers are using hidden-directory techniques such as HTTPS to achieve their objectives.

NOTE 1 – HTTPS is used by owners to establish ownership of the web domain to the certificate authority, which scans for the code to identify the web domain as legitimate.

However, hackers are somehow finding ways to gain access to such certificates and are using them as source points to deliver malware and other forms of malicious content, all with the endorsement of website administrators.

“At present, we have figured out that over 500 websites have been compromised and thousands are on the verge of being hit by Troldesh or Shade ransomware, phishing links and other spurious content,” said Deepen Desai, VP of Security research & operations at Zscaler.

Mr. Desai added that some cyber crooks have found ways to exploit Joomla-hosted websites to such an extent that they are introducing phishing pages with SSL-validated hidden directories and fooling victims into passing on their usernames and passwords.

NOTE 2 – Zscaler argues that only websites running WordPress versions 4.8.9 to 5.1.1 with obsolete CMS themes or server-side software are falling prey to hackers.

NOTE 3 – Zscaler has already informed the website owners who were found affected and is busy tracking down those behind the campaign.
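
For site owners checking their own servers, the sketch below walks a web root and flags page, script or executable content sitting inside dot-prefixed (hidden) directories, the kind of location described above. It is an added example, not code from Zscaler or from this article; the directory name, extension list, size threshold and sample files are constructed assumptions.

```python
import os

# Assumption (not from the article): a validation directory holds only small tokens.
SUSPECT_EXT = {".php", ".phtml", ".html", ".htm", ".js", ".zip", ".exe"}
SUSPECT_MAGIC = {b"mz": "PE executable", b"<?php": "PHP script",
                 b"<!doctype": "HTML page", b"<html": "HTML page"}
MAX_TOKEN_BYTES = 1024


def classify(path):
    """Return the reasons a file inside a hidden directory looks out of place."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    if ext in SUSPECT_EXT:
        reasons.append(f"extension {ext}")
    with open(path, "rb") as fh:
        head = fh.read(16).lstrip().lower()  # sniff content, ignoring the name
    for magic, label in SUSPECT_MAGIC.items():
        if head.startswith(magic):
            reasons.append(f"content is {label}")
    if os.path.getsize(path) > MAX_TOKEN_BYTES:
        reasons.append("larger than a validation token")
    return reasons


def audit_hidden_dirs(webroot):
    """Map each flagged file under a dot-prefixed directory to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        if not any(p.startswith(".") and p != "." for p in rel_dir.split(os.sep)):
            continue  # only directories hidden behind a leading dot
        for name in files:
            reasons = classify(os.path.join(dirpath, name))
            if reasons:
                findings[os.path.join(rel_dir, name)] = reasons
    return findings


def build_sample(root):
    """Constructed sample tree: one ordinary token and two planted files."""
    hidden = os.path.join(root, ".hidden-validation", "challenge")
    os.makedirs(hidden)
    for name, data in (("token123", b"constructed-token-value"),
                       ("login.html", b"<html><form>constructed</form></html>"),
                       ("invoice.dat", b"MZ" + b"\x00" * 2048)):
        with open(os.path.join(hidden, name), "wb") as fh:
            fh.write(data)
```

Call `audit_hidden_dirs` with the server's document root and review each hit; the content sniff catches payloads whose extension has been changed to look harmless.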

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
