Skip to main content

A spike in new WordPress malware detected

A new malware in WordPress, which was first noticed two weeks ago, has now started to gain real traction. Called “visitorTracker_isMob”, it was first noticed by security monitoring and malware removal company Sucuri.

The company said that it is seeing a sharp rise in the number of infections in recent days, and it hopes that, by repeating the information, it will inform WordPress and have it take action against the problem.

Heed Sucuri's call, WordPress!

"We initially shared our thoughts on it via our SucuriLabs Notes, but as the campaign has evolved we have been able to decipher more information as we investigate the effects on more compromised sites," explained Sucuri CTO Daniel Cid in a blog post.

"This post should serve as a resource to help WordPress administrators (i.e. webmasters) in the WordPress community."

"This malware campaign is interesting”, he says.

“Its final goal is to use as many compromised websites as possible to redirect all their visitors to a Nuclear Exploit Kit landing page. These landing pages will try a wide variety of available browser exploits to infect the computers of unsuspecting visitors.”

"If you think about it, the compromised websites are just a means for the criminals to get access to as many endpoint desktops as they can. What's the easiest way to reach out to endpoints? Websites, of course."

The company still doesn’t know which plugin is affected by the malware, and advises all WordPress users to update their plugins, including the premium ones.

It is also recommended that you check your site via the Free Security / Malware Scanner (SiteCheck) to verify if you’re currently being affected by this campaign.