Cybercriminals exploit vulnerabilities in WordPress plugins and themes to compromise websites, injecting harmful scripts to redirect users to third-party pages.
The DollyWay campaign, affecting over 20,000 WordPress sites, monetizes through affiliate programs like VexTrio and LosPollos, redirecting traffic to scam or legitimate sites based on victim profiles.
To conceal itself, DollyWay injects malicious code into active plugins, employs a re-infection mechanism, hides admin accounts, and hijacks legitimate credentials.
Attackers use maintenance scripts and web shells to update compromised sites and prevent rival malware interference, focusing resources on valuable assets.
Regular security audits, particularly of plugins and themes, are crucial to safeguarding corporate websites against campaigns like DollyWay.
If signs of compromise are detected, isolating the affected site, removing suspicious plugins, deleting unrecognized admin accounts, changing passwords, and enabling two-factor authentication are recommended steps.
In cases where internal resources are insufficient, seeking assistance from third-party incident response specialists is advised.
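As an added defender-side check, not code from the original report, the script below lists administrator accounts straight from serialized `wp_usermeta` rows rather than from the dashboard (which code running inside WordPress can filter, as with the hidden accounts described above) and flags files of active plugins modified after the last legitimate update, where the injected code would sit. All rows, plugin paths and timestamps are constructed sample data.

```python
import re
from datetime import datetime

# Constructed sample data standing in for wp_users joined to wp_usermeta,
# the wp_options.active_plugins value, and a listing of wp-content/plugins.
USERMETA_ROWS = [  # (user_login, meta_key, meta_value)
    ("editor_jane", "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ("author_bob", "wp_capabilities", 'a:1:{s:6:"author";b:1;}'),
    ("wp-sys-update", "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]
KNOWN_ADMINS = {"editor_jane"}  # accounts the site owner can vouch for
ACTIVE_PLUGINS_OPTION = (
    'a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:29:"contact-form/contact-form.php";}'
)
LAST_PLUGIN_UPDATE = datetime(2025, 1, 10)  # date of the last legitimate plugin update
PLUGIN_FILES = [  # (relative path under wp-content/plugins, mtime)
    ("akismet/akismet.php", datetime(2024, 12, 2)),
    ("akismet/class.akismet.php", datetime(2024, 12, 2)),
    ("contact-form/contact-form.php", datetime(2025, 3, 4)),  # touched after the update
    ("old-unused/old.php", datetime(2025, 3, 4)),  # inactive plugin, not reported here
]


def serialized_strings(value):
    """String values of a PHP-serialized array such as wp_options.active_plugins."""
    return re.findall(r's:\d+:"([^"]*)";', value)


def roles_enabled(capabilities):
    """Role names whose flag is true in a serialized wp_capabilities array."""
    pairs = re.findall(r's:\d+:"([^"]*)";b:(\d);', capabilities)
    return {role for role, flag in pairs if flag == "1"}


def unexpected_admins(rows, known):
    """Administrator logins absent from the approved list, taken from raw usermeta."""
    admins = {
        login for login, key, val in rows
        if key.endswith("capabilities") and "administrator" in roles_enabled(val)
    }
    return sorted(admins - known)


def active_plugin_files_modified_after(option_value, files, baseline):
    """Files of active plugins whose mtime is later than the last legitimate update."""
    active_dirs = {path.split("/")[0] for path in serialized_strings(option_value)}
    return sorted(
        path for path, mtime in files
        if path.split("/")[0] in active_dirs and mtime > baseline
    )
```

Run the two checks against the site's own database export and file listing; any login or file they return is a candidate for the removal and password-reset steps above.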