A new malware called SoakSoak has made its appearance these days and has already infected more than 100 thousands of sites based on WordPress.
According to Sucuri, the particular malware started from the Russian domain SoakSoak.ru, while with a first analysis διαπιστώνεται να υπάρχει συσχέτιση με την ευπάθεια Revslider, which had been discovered a few months ago.
Η attack seems to affect most hosts across the WordPress hosting spectrum.
What happens through the attack is the modification of the file wp-includes / template-loader.php, to include the following code:
This results in the file being loaded wp-includes / js / swobject.js σε κάθε σελίδα του website, το οποίο όταν αποκωδικοποιείται φορτώνει ένα κακόβουλο λογισμικό JavaScript from the SoakSoak.ru domain – specifically this file: soaksoak.ru/xteas/code.
So far it has not been determined what "damage" it causes SoakSoak.
Also, to point out that sites in WordPress.com are not in danger of being infected.
Source: gr.pcmag.com