WordPress users are now facing another threat from a malware attack, named SoakSoak. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru.
According to Security Firm Sucuri, who is actively investigating the vector of malware, already 100’s of thousands of WordPress specific websites have been infected with this malware. Though they are not sure of the exact vector, but their preliminary analysis shows its correlation with the Revslider vulnerability which was reported a few months back. Also, they have mentioned specifically, that this campaign does not appear to be specifically targeted towards WordPress only, the victims seem to be blogs relying on its frame work. So the fact that most of its victims are WordPress websites, may just be a coincidence.
Once your website is infected with this malware, you might experience irregular website behaviour including redirects to SoakSoak.ru webpages. You may also, end up downloading malicious files onto your computer systems automatically without any knowledge.
SoakSoak malware modifies the file located at wp-includes/template-loader.php which causes wp-includes/js/swobject.js to be loaded on every page view on the website and this “swobject.js” file includes a malicious java encoded script malware.
Security Firm Sucuri, has provided a free SiteCheck scanner for scanning malware on your websites. So, if you have websites in wordpress, and worried about the potential risk you can always, visit Sucuri website and scan for any malware.