Nearly 2,000 WordPress websites were infected with malware that hides command-and-control data inside Steam Community profile comments using invisible Unicode characters. GoDaddy researchers found the campaign on about 1,980 sites and traced it to a payload that downloads malicious JavaScript, installs a backdoor, and evades detection through stealthy encoding and obfuscation.
Key points
- About 1,980 WordPress websites were infected in the campaign.
- The malware hides C2 data inside Steam Community profile comments.
- Invisible Unicode characters are used to encode the malicious payload.
- The payload builds a URL to malicious JavaScript hosted on hello-mywordl[.]info.
- The final-stage backdoor accepts base64-encoded PHP through authenticated POST requests.
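
When triaging comment text or other third-party content that a site fetches, long runs of invisible code points are the signal to look for. The sketch below is an added example, not code from GoDaddy's research or from the malware. The page does not name the code points the campaign used, so the character set (Unicode category Cf plus variation selectors), the run threshold of 8, and both sample strings are assumptions.

```python
import unicodedata

# Assumption: "invisible" = Unicode format characters (category Cf: zero-width
# space/joiners, word joiner, BOM, tag characters, bidi controls) plus the
# variation selectors. The page does not list the campaign's actual code points.
def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    return (unicodedata.category(ch) == "Cf"
            or 0xFE00 <= cp <= 0xFE0F
            or 0xE0100 <= cp <= 0xE01EF)

def invisible_runs(text: str, min_run: int = 8):
    """Return (offset, length) for each run of >= min_run invisible code points."""
    runs, start = [], None
    for i, ch in enumerate(text + "\0"):  # sentinel closes a trailing run
        if is_invisible(ch):
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_run:
                runs.append((start, i - start))
            start = None
    return runs

def triage(text: str, min_run: int = 8) -> dict:
    """Summarise hidden content in one comment for an analyst."""
    hidden = [ch for ch in text if is_invisible(ch)]
    runs = invisible_runs(text, min_run)
    return {
        "visible_text": "".join(ch for ch in text if not is_invisible(ch)),
        "hidden_count": len(hidden),
        "codepoints": sorted({f"U+{ord(ch):04X}" for ch in hidden}),
        "runs": runs,
        # A lone ZWJ inside an emoji sequence is normal; a long run is not.
        "suspicious": bool(runs),
    }

# Constructed samples (not taken from the campaign).
BENIGN = "nice profile \U0001F468\u200D\U0001F469\u200D\U0001F467 +rep"
SUSPECT = "+rep great trader" + "\u200b\u200c\u200d\u2060" * 6 + "!"

if __name__ == "__main__":
    for sample in (BENIGN, SUSPECT):
        print(triage(sample))
```

The run threshold keeps ordinary emoji joiners from triggering the flag. Lower it only if short hidden sequences matter in your data.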