A new malware that masqurades as ionCube files are plaquing WordPress sites according to Sitelock. The ionCube malware creates a backdoor to steal data or to inject different types of malware. Chris Olson, CEO at The Media Trust commented below.
Chris Olson, CEO at The Media Trust:
“Many consumer-oriented websites–retail, travel, etc.–use a script encoder tool to thwart those looking to scrape websites for intellectual property like pricing information. In the current scenario, it’s likely ionCube’s legitimate presence in a third-party plugin is being used to obfuscate malicious intent. The use of third-party code to penetrate a website is not new, and will continue until enterprises understand how to more effectively secure their digital environment. This recent scenario underscores the importance of diligently and continuously monitoring all executing code, especially code provided by digital partners that may only execute in the browser and outside the purview of the IT infrastructure.”