“Hundreds of thousands” of WordPress websites have reportedly been infected recently by malware that continues to spread to even more sites. The malicious software goes by the name of SoakSoak and is currently causing quite a ruckus on the internet. The websites infected by the malware are being blacklisted by Google because they tend to infect the machines of users who visit them. As of Sunday, more than 11,000 domains had already been blacklisted by the search giant, but that number is now well over 100,000. If you try to access one of the infected WordPress websites, you will most likely receive a warning from your browser advising you to turn back, and you should definitely do that if you don’t want malware on your device.
As for why this happened now and why it’s only affecting WordPress sites, security firm Sucuri says that it’s all because of a third-party plugin called Revolution Slider, or RevSlider. The firm says that it discovered a serious vulnerability in the plugin several months ago which was never fixed by ThemePunch, the plugin’s developer. ThemePunch admits that it was aware of the vulnerability since February and quickly proceeded to update the plugin with a fix. However, the company did not make an official announcement giving more details about the matter, fearing that “an instant public announcement would spark a mass exploitation of the issue.” Therefore, most WordPress webmasters never updated the plugin because they didn’t know about the problem.
To make matters even worse, many didn’t even know about RevSlider before these attacks, as this is a premium plugin that more often than not gets bundled into themes. “Some website owners don’t even know they have it as it’s been packaged and bundled into their themes,” Sucuri wrote. “We’re currently remediating thousands of sites and when engaging with our clients many had no idea the plugin was even within their environment.” The only way to stop these attacks for now seems to be to simply use a good firewall. At the time of this writing, WordPress had not made any comments regarding these attacks.