Cyber attackers responsible for a WordPress malvertising campaign are looking to expand its reach as reports show threat actors attempting to cross platforms by targeting Joomla-hosted sites. According to security researcher Brad Duncan via the Internet Storm Center, the group behind the Wordpress “admedia” campaign is setting is sights on a new target, as they've been found attacking the open-source content management platform Joomla.
In January 2016, WordPress infections resulting from admedia iframe injections not only led to the installation of backdoors, but also presented malicious domains that led visitors to an exploit kit that contains the TeslaCrypt ransomware. According to Duncan, the campaign has now added the use of the Angler exploit kit to the Nuclear exploit kit it dropped on target sites when it was first observed. Aside from this, the threat actors have also begun using “megaadvertize” in their gateway URLs.
While researchers share that the number of infected Joomla-hosted sites is not as large compared to WordPress, website administrators should not take this lightly. Compromising legitimate domains as an attack vector is gaining popularity, given the kind of traffic and trust that they get from unknowing users. Webmasters are advised to regularly patch CMS systems and to stay vigilant on the latest threats that could put their users at risk.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.