
Malicious backdoor-deploying JavaScript facilitates widespread WordPress site compromise


More than 1,000 WordPress websites have been infected with four different backdoors through malicious JavaScript code spread via the cdn.csyndication[.]com domain, which is referenced across 908 websites, reports The Hacker News.

While the first and second payloads facilitate the installation of a fraudulent plugin for command execution and the injection of malicious JavaScript into each website's wp-config.php file, respectively, the other two allow persistent remote access and both command execution and additional payload retrieval, according to an investigation from web security firm c/side.

WordPress site admins have been urged to rotate credentials, remove unauthorized SSH keys, and watch for suspicious network activity.
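One way to check a site for references to the reported domain and for unauthorized SSH keys, as an added example (not code from c/side, The Hacker News or SC Media). The function names, scanned file extensions, key allowlist and sample data are assumptions constructed for illustration.

```python
import base64, hashlib, tempfile
from pathlib import Path

# Domain as printed in the article (defanged); refanged only for matching.
INDICATOR = "cdn.csyndication[.]com".replace("[.]", ".")
SCAN_EXT = {".php", ".js", ".html", ".htm"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def find_indicator(root, indicator=INDICATOR):
    """Return sorted (relative path, line number) pairs that mention the domain."""
    needle, hits = indicator.lower(), []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_EXT:
            text = path.read_text(errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if needle in line.lower():
                    hits.append((path.relative_to(root).as_posix(), lineno))
    return sorted(hits)

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unexpected_keys(authorized_keys_text, allowed_fingerprints):
    """Return (fingerprint, comment) for each key missing from the allowlist."""
    unexpected = []
    for line in authorized_keys_text.splitlines():
        fields = line.split()
        # Options such as no-pty may precede the key type, so locate it first.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_PREFIXES)), None)
        if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(fields):
            continue
        fp = fingerprint(fields[idx + 1])
        if fp not in allowed_fingerprints:
            unexpected.append((fp, " ".join(fields[idx + 2:])))
    return unexpected

def demo():
    """Run both checks on constructed data (not real site files or keys)."""
    known = base64.b64encode(b"constructed-admin-key").decode()
    rogue = base64.b64encode(b"constructed-unknown-key").decode()
    keys = f"ssh-ed25519 {known} admin@example\nno-pty ssh-rsa {rogue} unknown\n"
    with tempfile.TemporaryDirectory() as root:
        Path(root, "wp-config.php").write_text(f"<?php\n<script src='//{INDICATOR}/'></script>\n")
        Path(root, "index.php").write_text("<?php echo 'clean';\n")
        return find_indicator(root), unexpected_keys(keys, {fingerprint(known)})

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the WordPress document root to `find_indicator` and the contents of each account's `~/.ssh/authorized_keys` to `unexpected_keys`, with the allowlist built from keys the admins actually issued.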

Such findings follow an earlier c/side report detailing the use of malicious JavaScript to take over 35,000 websites, which redirected to Chinese-language gambling sites.

Another piece of malicious JavaScript, dubbed "Bablosoft JS," was also reported by Group-IB to have been leveraged by the ScreamedJungle threat actor to compromise fingerprints collected in vulnerable Magento websites.
