SoakSoak Malware Compromises 100,000+ WordPress Websites
News of a malware campaign against WordPress has been doing the rounds since owners and webmaster of wordpress blogs found out about websites getting blacklisted by Google. Around 11,000 domains had been blocked due to the latest malware campaign which has now swelled to 100,000. This campaign has been brought by SoakSoak.ru, thus being dubbed the ‘SoakSoak Malware’ epidemic.
SoakSoak malware modifies the file located at wp-includes/template-loader.php which causes wp-includes/js/swobject.js to be loaded on every page view on the website and this “swobject.js” file includes a malicious java encoded script malware.