Summary: Over 1,000 WordPress websites have been compromised by malicious JavaScript injecting multiple backdoors, allowing persistent access and control for attackers. Separately, another cybersecurity report highlights malware impacting over 35,000 sites dedicated to redirecting users to gambling platforms. Furthermore, a significant threat to Magento sites involves a JavaScript that collects user fingerprints for illicit activities.
Affected: WordPress and Magento websites
Keypoints :
- More than 1,000 WordPress sites infected with JavaScript code containing four backdoors, enhancing attacker control.
- Backdoors facilitate various malicious actions, including executing commands, installing fake plugins, and providing persistent access.
- A separate campaign affects over 35,000 sites, redirecting users to Chinese gambling platforms through injected JavaScript.
- Magento websites are also compromised using a fingerprinting script that exploits known vulnerabilities for data collection.
Source: https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html