Malicious WordPress Campaign Uses Steam Profiles to Hide C2 Data

Photo: BleepingComputer
Quick answer
Researchers have discovered a large-scale malicious campaign affecting around 2,000 WordPress-based sites. The attackers inject malicious code that uses comments on Steam Community profiles to store command-and-control (C2) server data. This approach complicates threat detection and lets the malware bypass traditional defences.
Cybersecurity experts have identified a new tactic employed by attackers targeting websites running on the WordPress platform. During the attack, malware conceals critical data for managing infected systems within comments on Steam Community user profiles.
According to experts, the attack has impacted nearly 2,000 resources. The malicious code extracts command server information from pre-prepared Steam profiles, enabling attackers to dynamically modify control parameters without direct interaction with infected sites.
This method significantly complicates threat detection, as traditional security tools often do not analyze activity associated with gaming platforms. Experts note that attackers are increasingly using legitimate services to hide malicious activity, necessitating enhanced monitoring of atypical requests by website owners.
To protect against such threats, it is recommended to regularly update CMS and plugins, implement multi-factor authentication, and deploy solutions for detecting anomalies in network traffic. WordPress site owners are also advised to check user comments and profiles for suspicious links or unusual data.
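As an added example, not code from the article or from the researchers it cites: a small Python scan over egress-proxy log lines (the log format, the IP addresses and the profile identifiers are constructed here) that flags outbound requests from a WordPress host to Steam Community profile pages, the kind of atypical request the article says site owners should be monitoring for.

```python
"""Flag outbound web-server requests to Steam Community profile pages.

A dead-drop resolver fetches its C2 parameters from a legitimate site, so
the useful signal is *where* the web host talks to, not *what* it sends.
The log format and all sample entries below are constructed for this
example; the source addresses and profile IDs are placeholders.
"""
import re
from urllib.parse import urlparse

# A WordPress backend has no routine reason to fetch pages from this host.
SUSPICIOUS_HOSTS = {"steamcommunity.com"}
# Steam profile pages live under /profiles/<steamid> or /id/<vanity name>.
PROFILE_PATH = re.compile(r"^/(profiles|id)/[^/]+/?$")

# Constructed egress-proxy log format: "<ts> <src_ip> <method> <url> <status>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def is_dead_drop_fetch(url: str) -> bool:
    """True when the URL points at a Steam Community profile page."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    host = host[4:] if host.startswith("www.") else host
    return host in SUSPICIOUS_HOSTS and bool(PROFILE_PATH.match(parsed.path))


def find_dead_drop_fetches(log_text: str, web_hosts: set[str]) -> list[dict]:
    """Return parsed log entries where a known web host fetched a Steam profile."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line.strip())
        if not match:
            continue  # skip malformed or unrelated lines
        ts, src, _method, url, status = match.groups()
        if src in web_hosts and is_dead_drop_fetch(url):
            hits.append({"ts": ts, "src": src, "url": url, "status": int(status)})
    return hits


# Constructed sample log: 10.0.0.5 is the WordPress host, 10.0.0.9 a staff workstation.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET https://api.wordpress.org/plugins/info/1.0/ 200
2024-01-01T10:00:07Z 10.0.0.5 GET https://steamcommunity.com/profiles/76561190000000000/ 200
2024-01-01T10:00:09Z 10.0.0.9 GET https://steamcommunity.com/app/440/ 200
2024-01-01T10:00:12Z 10.0.0.5 GET https://www.steamcommunity.com/id/placeholder_profile 200
"""

if __name__ == "__main__":
    for hit in find_dead_drop_fetches(SAMPLE_LOG, {"10.0.0.5"}):
        print(f"{hit['ts']} {hit['src']} fetched Steam profile page {hit['url']}")
```

Only requests originating from the web host itself are flagged; a workstation browsing Steam, or a fetch of a non-profile Steam page, is left alone.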