Hacked WordPress sites are being defended by their attackers

“A zero-day vulnerability was recently discovered in a popular WordPress plugin and now cybercriminals exploiting the flaw have begun to protect the sites they’ve compromised from attacks launched by other threat actors.
The security flaw was first discovered by the security firm Defiant who recorded attacks on over 1.7m WordPress sites that had vulnerable versions of the File Manager plugin installed. However, in the past week, the number of sites attacked has increased to over 2.6m.
If exploited, the flaw allows attackers to upload malicious PHP files and execute arbitrary code on WordPress sites that have not updated to the latest version of File Manager.
The plugin’s developers created and put out a patch for the vulnerability with the release of File Manager 6.9.
Unfortunately though, many site owners have yet to update to the latest version of the plugin which has left their sites vulnerable to attacks.
Defending hacked WordPress sites:
Multiple cybercriminals are currently targeting sites running vulnerable versions of the File Manager plugin according to a new report from Defiant. However, Wordfence QA engineer Ram Gall explained that two of these attackers have begun to defend the sites they’ve hacked, saying:
“We’ve seen evidence of multiple threat actors taking part in these attacks, including minor efforts by the threat actor previously responsible for attacking millions of sites, but two attackers have been the most successful in exploiting vulnerable sites, and at this time, both attackers are password protecting vulnerable copies of the connector.minimal.php file.”
One of the attackers, who goes by the handle bajatax, is a Moroccan threat actor who is known for stealing user credentials from PrestaShop e-commerce websites. After compromising a WordPress site, bajatax then injects malicious code which harvests user credentials via Telegram when a site owner logs in and these credentials are then sold to the highest bidder. The other threat actor injects a backdoor, camouflaged as an .ico file, into a randomized folder as well as the site’s webroot to ensure that they can continue to access the compromised site.
Defiant has observed both threat actors using passwords to protect the exploitable connector.minimal.php file on sites they’ve previously infected. Gall provided further details on how these two threat actors are defending WordPress sites they’ve compromised, saying: “Our site cleaning team has cleaned a number of sites compromised by this vulnerability, and in many cases, malware from multiple threat actors is present. The aforementioned threat actors have been by far the most successful due to their efforts to lock out other attackers, and are collectively using several thousand IP addresses in their attacks.”
WordPress site owners that have the File Manager plugin installed should update to version 6.9 immediately to avoid falling victim to any potential attacks, especially now that cybercriminals have stepped up their efforts.
Via BleepingComputer”
Source. https://todaynewspost.com/uncategorized/hacked-wordpress-sites-are-being-defended-by-their-attackers/
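An added example (not from the article, Defiant, or the plugin's developers): a read-only sweep a site owner could run for the two artifacts the report names, a backdoor disguised as an .ico file and copies of connector.minimal.php inside a File Manager install older than 6.9. The finding labels, the constructed sample tree, and the assumption that the plugin version sits in a standard WordPress plugin header are illustrative.

```python
import re
from pathlib import Path

ICO_MAGIC = b"\x00\x00\x01\x00"   # first bytes of a genuine .ico image
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)   # PHP open tags have no place in an icon
VERSION = re.compile(rb"^[ \t*#]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)
FIXED = (6, 9)                    # patched File Manager release named in the article

def plugin_version(start, root):
    """Walk up from start to root for a plugin header (assumed layout); None if absent."""
    for d in [start, *start.parents]:
        for php in sorted(d.glob("*.php")):
            head = php.read_bytes()[:8192]
            m = VERSION.search(head)
            if m and b"Plugin Name:" in head:
                return tuple(int(p) for p in m.group(1).split(b"."))
        if d == root:
            return None

def scan_webroot(root):
    """Return sorted (finding, relative_path) tuples; nothing is modified."""
    root, found = Path(root).resolve(), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() == ".ico":
            data = path.read_bytes()
            if PHP_TAG.search(data):
                found.append(("ico-contains-php", rel))
            elif not data.startswith(ICO_MAGIC):
                found.append(("ico-not-an-image", rel))
        elif path.name == "connector.minimal.php":
            ver = plugin_version(path.parent, root)
            state = "unknown" if ver is None else "old" if ver < FIXED else "patched"
            found.append(("connector-plugin-" + state, rel))
    return sorted(found)

def build_constructed_tree(root, version):
    """Constructed sample site; every path and file body here is made up."""
    files = {"favicon.ico": ICO_MAGIC + b"\x01\x00" + bytes(16),
             "x7k2q/cache.ico": b"<?php /* constructed stand-in */ ?>",
             "plugins/fm/fm.php": b"<?php\n/*\n * Plugin Name: FM\n * Version: " + version + b"\n */\n",
             "plugins/fm/lib/connector.minimal.php": b"<?php // stub\n"}
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)

if __name__ == "__main__":
    import sys
    print(scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A clean result does not prove a site is uncompromised; the article notes that cleaned sites often carried malware from several actors, so any hit warrants a full review alongside the update to 6.9.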
Conspiracy Revelation: 25.11.2020: Yes, that was true. I destroyed their hidden infected ICO.Backup now.


Conspiracy Revelation Archive Vol.142: 03.12.2020:
Conspiracy Revelation Archive:
Hacker Defender Reloaded… this time in the form of server rootkits… Why does nobody talk about this MEGA-MESS?!!!!
Ico-Exploits are Russian in origin... and likely over 25 years old… it's the Russian Spambot Style…
Conspiracy Revelation Archive Vol.169:
Conspiracy Revelation Archive: 3.12.2020:
Why does nobody talk about Bajatax.Exploit… this thing sabotages half of the Internet's websites and not only those with a non-updated File Manager… 50% of the Internet uses WordPress… and I see no reports… What's going on in the IT security industry? Sleepy Hollow or what? Have they all become Zombies? Or is everything censored and hidden so well?
