22 Feb, 2023

How Quttera Can Help You Uncover WordPress Malware on Your Sites

Quttera recently discovered WordPress malware that could do significant damage if left unchecked. Here's how we can help protect your website.

WordPress is one of the most used web development platforms, and for good reason. But WordPress users should maintain awareness of potential threats that could impact their site. Quttera recently discovered WordPress malware that could do significant damage if left unchecked.

Being proactive is integral to good cyber hygiene - it's how you stay ahead of the curve on data breaches and other cyber attack-related complications. With information like this in mind, you'll be able to operate your site without disruptions.

This post will look at a specific infection observed in WordPress sites in which website visitors are redirected via something known as a traffic direction system. We'll also discuss what you can do to keep this type of infection from affecting your site and harming your digital operations.

The Malware in Question

At Quttera, we don't just offer a platform with malware-scanning capabilities. We also perform regular public scans ourselves. This is so we can stay informed on the current threat landscape, providing updates and pivoting as needed.

Based on data collected from our public malware scanner available at Quttera.com, along with additional data from our malware research team at ThreatSign, we came to the following conclusion: multiple WordPress websites have become infected by malware redirecting website visitors to traffic direction systems (TDS). The redirect sends the visitor to a random website.

One potential issue with the redirect is how it is injected into the website. The infection can be injected in either a clean or an obfuscated format. This makes it difficult for the website operator to catch the initial infection.

Where Does the Redirection Start?

Now that you understand how the redirect works, you'll want to know some background information on where this WordPress malware sends your visitors.

Here is a list of domains from which the redirection can start in the cases we currently have visibility into:

  • news[.]weatherplllatform[.]com
  • way[.]specialblueitems[.]com
  • track[.]violetlovelines[.]com

Additionally, here are the websites that are part of the TDS:

How Many Websites are Currently Infected?

Based on Quttera's public, open research, we've been able to ascertain there are around 10,000 websites infected so far. That's a tiny drop in the bucket when you look at how many websites there are on the internet.

That figure may be a small number when you're talking about all websites, but that's small comfort for anyone who owns an infected website. But it's also a testament to the malware's ability to spread quickly. Protecting your website means fortifying it from any known threats; there's plenty you can do to address this.

One way to prevent the threat is to detect it before it causes a problem. There's another challenge associated with that idea, however.

Overall Detection Levels of This Malware

Of course, you'll want to have a way to detect this WordPress malware before it impacts your website. The issue is that your ability to detect the malware is only as reliable as the platform you use for detection. And if your platform can't find the malware, you might suffer from an infection.

Quttera performed research into a number of antivirus vendors, and the results were not favorable. Based on VirusTotal information we were able to find, only 15 of 90 registered vendors detected these kinds of infections.

If you use one of the 15 platforms that can detect the issue, that's fine. But what if you use one of the 75 others that cannot? That leaves you exposed to a severe vulnerability that can compromise the security of your website visitors. If they're redirected to the wrong site and suffer additional consequences impacting their own devices and systems, they may want to avoid revisiting your site.

That shows just how important it is to partner with the right vendor for your antivirus detection needs. You'll want a vendor with a comprehensive suite of detection services and the ability to respond to a breach when it occurs. Next, let's examine the process involved in determining whether your site is infected.

How to Check if This Malware Infects Your Site

Building awareness of the threat itself is the first step. The second step is monitoring your own website to ensure it hasn't been infected. You'll want to use a tool that can tell you the information you need about your site's current security levels. Before you do the painstaking research to find the right tool, know that Quttera can give you this essential information. Best of all, we can provide it free of charge.

Quttera offers a free public malware scanner. This scanner provides you with a detailed website analysis. You'll receive information about all the redirection pages, equipping you with the data you need to make informed choices on your next steps in fixing your WordPress site.
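
A local check for the start domains listed earlier, added here as an example (it is not Quttera's scanner or code): it refangs the three indicators and looks for them in a page's script tags, both in clear form and hidden behind `String.fromCharCode`. That encoding is an assumption, since this post does not say how the obfuscated injection is encoded, and the function and class names are illustrative.

```python
import re
import sys
from html.parser import HTMLParser
from urllib.parse import urlparse

# Defanged start domains, copied from the list earlier in this post.
DEFANGED = ["news[.]weatherplllatform[.]com", "way[.]specialblueitems[.]com",
            "track[.]violetlovelines[.]com"]
INDICATORS = {d.replace("[.]", ".").lower() for d in DEFANGED}
# Assumption: the obfuscated form uses String.fromCharCode(...) literals.
CHARCODES = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)")

def decode_charcodes(js):
    """Expand fromCharCode literals so a hidden hostname becomes searchable."""
    return CHARCODES.sub(lambda m: "".join(
        chr(int(n) % 65536) for n in m.group(1).split(",") if n.strip()), js)

class ScriptCollector(HTMLParser):  # gathers script src URLs and inline bodies
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self.in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.srcs.append(dict(attrs).get("src") or "")
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:
            self.inline.append(data)

def scan_html(html):
    """Return sorted (domain, form) pairs; form is 'clean' or 'obfuscated'."""
    parser = ScriptCollector()
    parser.feed(html)
    found = set()
    for src in parser.srcs:
        host = urlparse(src if "//" in src else "//" + src).hostname or ""
        if host.lower() in INDICATORS:
            found.add((host.lower(), "clean"))
    for body in parser.inline:
        plain, decoded = body.lower(), decode_charcodes(body).lower()
        for domain in INDICATORS:
            if domain in plain or domain in decoded:
                found.add((domain, "clean" if domain in plain else "obfuscated"))
    return sorted(found)

if __name__ == "__main__":
    print(scan_html(sys.stdin.read()))  # e.g. a saved page or theme file on stdin
```

An empty list only means these three domains were not referenced in script tags; it does not show the site is clean.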

While being aware of the problem is a significant and necessary first step, you'll also have to take action. This can seem overwhelming if you're not a cybersecurity expert. Quttera also has solutions for that challenge.

How to Stay Protected from This and Other Infections

This redirect and TDS infection can seem daunting, but with the right platform on your side, it can be handled efficiently and effectively. Quttera's ThreatSign! web malware monitoring and protection platform gives you all the tools you need to stay safe and informed.

Maintaining proper website security means being both proactive and reactive, depending on the type of threat. Quttera arms you with the ability to do both. With ThreatSign! you can both detect and cure infections automatically. The platform can also secure and protect you from further malware attacks. You'll be able to breathe easier knowing that you have the tools you need in your fight against the next hacking attempt.

If you're looking for a proven provider of cybersecurity results, don't look any further. Reach out to Quttera today for more on how we can protect you from WordPress malware.