Compromising a website in addition to and therefore hosting malware on it has run past times away an onetime tactic for hackers, in addition to straight off they are trying their hands inwards compromising vast bulk of users inwards a unmarried stroke. Researchers accept discovered that hackers are straight off using Pastebin to spread malicious backdoor code.
According to a weblog postal service published yesterday past times a senior malware researcher at Sucuri, Denis Sinegubko, the hackers are leveraging the weakness inwards older versions of the RevSlider, a pop in addition to a premium WordPress plugin. The plugin comes packaged in addition to bundled into the websites’ themes inwards such a way that many website owners don't fifty-fifty know they accept it.
In gild to exploit the vulnerability, showtime hackers facial expression for a RevSlider plugin inwards the target website in addition to ane time discovered, they role a mo vulnerability inwards Revslider in addition to endeavour to upload a malicious backdoor to the website.
"Technically, the criminals used Pastebin for what it was built for – to part code snippets," Sinegubko wrote inwards a blog post. "The exclusively grab is that the code is malicious, in addition to it is used inwards illegal action (hacking) lead off of the Pastebin website."
Security researchers came across a segment of code that injects the content of a Base64-encoded $temp variable into a WordPress nub wp-links-opml.php file. Researchers noticed about code is existence downloaded from the legitimate Pastebin.com website in addition to is subject on using a parameter, wp_nonce_once, that disguises the fact that it calls upon an actual Pastebin file.
The wp_nonce_once parameter, which is ordinarily used to protect against unexpected or duplicate requests, likewise makes the malicious code hard to block, in addition to at the same fourth dimension "adds flexibility to the backdoor," the researcher claims.
This way that the malicious backdoor tin endure tricked to download in addition to execute whatever code snippet hosted on Pastebin — fifty-fifty those that don't be at the fourth dimension of injection — yous only involve to run past times a asking through that wp-links-opml.php file.
So far, it’s unclear just how widespread this malicious backdoor is, but the touching on could endure much unsafe when it comes to Pastebin which has 1.5 1000000 active user accounts equally of concluding year.
Founded inwards 2002, Pastebin was initially developed equally an opened upwardly online forum where estimator developers could part programming code. But the site’s gradual appeal to hackers of all ranks made it increasingly hard to monitor the site for bad behavior. Many hacker groups part information stolen from famous companies via the service in addition to about pastes are likewise known to endure used inwards malware attacks, which may incorporate encrypted addresses in addition to fifty-fifty base64-encoded malicious binary code.
Last calendar month safety researchers at Sucuri discovered a novel type of malware threat, dubbed SoakSoak, that was modifying files inwards WordPress websites that used an older version of “Slider Revolution,” aka RevSlider, a slideshow plugin. At the time, the search engine giant Google blacklisted over 11,000 websites it spotted spreading the malware.
