SoakSoak Malware Compromises Over 100,000 WordPress Sites

/ 3 years ago


Security provider Sucuri has discovered a new form of malware that has infected over 100,000 WordPress sites. The Malware, dubbed ‘SoakSoak’, has resulted in 11,000 sites being blacklisted by Google for security reasons. Websites infected with SoakSoak are vulnerable to unstable behaviour, including randomised redirects to – the origin of the disruptive software – and forcing malicious files to download to the site visitor’s computer.

SEE ALSO:  Lenovo Settles Over the Built-In Spyware Scandal

According to Sucuri’s blog:

SoakSoak malware modifies the file located at wp-includes/template-loader.php which causes wp-includes/js/swobject.js to be loaded on every page view on the website and this “swobject.js” file includes a malicious java encoded script malware.


For any owner of a WordPress blog concerned about website security, Sucuri offers the free SiteCheck tool to scan a site for malware, available on its website.

Source: Tech Worm

Topics: ,

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!