39,000 Websites Infected in ‘Sign1’ Malware Campaign

March 22, 2024 at 09:54AM

Security firm Sucuri warns that over 39,000 websites have been infected with new malware called Sign1, which redirects visitors to scam domains and displays unwanted ads. The JavaScript-based malware is injected into compromised websites, hidden with obfuscation, and conditionally executed based on specific visitor and website conditions. The firm has identified 15 domains used in the campaign.

Summary:

Sign1 is a new malware family that has infected over 39,000 websites, causing unwanted redirects to scam domains and displaying intrusive ads. The malware specifically targets WordPress custom HTML widgets and the Simple Custom CSS and JS WordPress plugin, which makes it challenging for security providers to detect. It uses obfuscation, and it sets a specific cookie to avoid showing pop-ups repeatedly to the same visitor. Execution also depends on the visitor's referral source and on the existence of a specific JavaScript file at a particular interval. The malicious code primarily runs for visitors arriving from major websites such as Facebook, Google, Instagram, or Yahoo.

Sucuri has identified over 39,000 infected sites carrying different variants of the malware; the most recent variant has infected over 2,500 sites in the last two months. The firm has also identified 15 domains used in this campaign, eight of which were each used in thousands of infections. The article also references related attacks and vulnerabilities, underscoring the importance of addressing website security vulnerabilities effectively.
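The behaviours described above (referrer-dependent execution, a cookie gate, obfuscation, and loading a further JavaScript file) can be combined into a triage heuristic for content exported from custom HTML widgets and custom JS snippets. This is an added example, not Sucuri's detection logic; the patterns, threshold and sample contents are assumptions constructed for illustration.

```python
import re

# Behaviours the summary attributes to Sign1. The patterns are illustrative
# assumptions, not Sucuri signatures or indicators from the campaign.
TRAITS = {
    "referrer_gate": re.compile(r"document\.referrer"),
    "named_referrers": re.compile(r"facebook|google|instagram|yahoo", re.I),
    "cookie_gate": re.compile(r"document\.cookie"),
    "remote_script": re.compile(r"createElement\(\s*['\"]script['\"]\s*\)"),
    "obfuscation": re.compile(
        r"\beval\s*\(|\batob\s*\(|fromCharCode|(?:\\x[0-9a-fA-F]{2}){8,}"),
}

# Constructed samples standing in for exported widget / plugin snippet content.
SAMPLES = {
    "social_widget": "<p>Follow us on Facebook and Instagram</p>",
    "analytics_widget": "<script>var ref = document.referrer;"
                        " if (ref) { console.log(ref); }</script>",
    "plugin_snippet": """(function () {
      var r = document.referrer;
      if (!/google|facebook|instagram|yahoo/.test(r)) return;
      if (document.cookie.indexOf('seen=1') !== -1) return;
      document.cookie = 'seen=1';
      var s = document.createElement('script');
      s.src = atob('PLACEHOLDER');  // constructed value, never decoded here
      document.head.appendChild(s);
    })();""",
}

def triage(content):
    """Return matched traits and whether the item needs manual review."""
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(content))
    # A referrer check alone is common in analytics code, so require it
    # together with at least two of the other behaviours.
    return {"hits": hits, "flagged": "referrer_gate" in hits and len(hits) >= 3}

def flagged_items(samples):
    """Names of items whose content matches the conditional-loader profile."""
    return sorted(n for n, c in samples.items() if triage(c)["flagged"])

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        print(name, triage(content))
```

A flag here means "review this item by hand", since legitimate snippets can combine these traits and heavily obfuscated code may hide them.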
