Hundreds of compromised WordPress and Joomla websites are serving up malware to visitors

silversurfer

Websites built on two of the most popular content management systems used in publishing are being hacked and exploited to deliver ransomware and other malware to visitors.

Cyber criminals are exploiting vulnerabilities in plug-ins, themes and extensions on WordPress and Joomla sites and using them to serve up Shade ransomware and other malicious content.

Researchers at security company Zscaler have detailed how attackers are using a hidden directory on HTTPS for malicious purposes. This well-known directory is commonly used by website owners to demonstrate ownership of the domain to the certificate authority that scans for code to recognise that the domain is validated.

However, by using exploits to gain access to these hidden pages, attackers can use them to hide malware and other malicious content from website administrators.
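An added example, not part of the original post or of the Zscaler report: a defender-side audit that a site administrator could run against a webroot to list files in the certificate-validation directories that do not look like validation artifacts. The directory names `.well-known/acme-challenge` and `.well-known/pki-validation`, the 512-byte size limit, the `.txt` rule and all function names are assumptions of this sketch.

```python
import re
import tempfile
from pathlib import Path

TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")  # base64url token, no extension
MAX_BYTES = 512  # assumption: validation files are short text files

def classify(path, kind, top):
    """Return a reason string if the file is unexpected, else None."""
    if path.parent != top:
        return "nested subdirectory"
    if path.stat().st_size > MAX_BYTES:
        return "larger than a validation file"
    if kind == "acme-challenge":
        if not TOKEN_RE.match(path.name):
            return "name is not an ACME token"
        # RFC 8555 HTTP-01 body: "<token>.<account key thumbprint>"
        if not path.read_bytes().startswith(path.name.encode() + b"."):
            return "body is not a key authorization"
    elif path.suffix.lower() != ".txt":  # assumption: CA file validation uses .txt
        return "unexpected file type"
    return None

def audit_well_known(webroot):
    """Return sorted (relative path, reason) pairs for unexpected files."""
    findings = []
    for kind in ("acme-challenge", "pki-validation"):
        top = Path(webroot) / ".well-known" / kind
        if not top.is_dir():
            continue
        for path in top.rglob("*"):  # pathlib globbing includes dotfiles
            if path.is_file():
                reason = classify(path, kind, top)
                if reason:
                    rel = path.relative_to(webroot).as_posix()
                    findings.append((rel, reason))
    return sorted(findings)

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample webroot
        acme = Path(root, ".well-known", "acme-challenge")
        pki = Path(root, ".well-known", "pki-validation")
        acme.mkdir(parents=True)
        pki.mkdir()
        token = "c0nstructedSampleToken_0123456789"  # constructed, not a real token
        (acme / token).write_text(token + ".constructed-thumbprint")
        (pki / "fileauth.txt").write_text("constructed-validation-value")
        (acme / "invoice.html").write_text("<html>constructed</html>")
        (pki / "archive.zip").write_bytes(b"PK" + b"\0" * 1000)
        return audit_well_known(root)
```

Because the directory is dot-prefixed, it is easy to miss in file managers and default directory listings, so a scheduled run of a check like this covers a spot that routine reviews tend to skip.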
 

shmu26

You don't get infected by visiting the webpage. You get infected by stupidly downloading, unzipping and executing the script file to which you received a link by spam mail:
"The spam emails usually contain a link to the HTML redirector page hosted on the compromised site which downloads the malicious zip file. The user needs to open the JavaScript file inside the ZIP and this JavaScript file will download the ransomware from the compromised site and execute it,"

In other words, the websites are just being abused as free online storage, that's all.
 
