A new malware called SoakSoak has made its appearance these days and has already infected more than 100 thousands of sites based on WordPress.
According to Sucuri, this particular malware originated from Russian domain SoakSoak.ru, while a first analysis shows that there is a correlation with the vulnerability Revslider, which had been discovered a few months ago.
The attack seems to affect most hosts across the entire range of WordPress hosting.
What happens through the attack is the modification of the file wp-includes/template-loader. Php, to include the following code:
This results in the file being loaded wp-includes / js / swobject.js on each website page, which when decoded loads one malicious JavaScript software from the SoakSoak.ru domain – specifically this file: soaksoak.ru/xteas/code.
So far it has not been determined what "damage" it causes SoakSoak.
Also, to point out that sites in WordPress.com are not in danger of being infected.
Source: gr.pcmag.com