<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Nov 29, 2023 10:08:16 AM
Gleydson Soares
Gleydson Soares
Malware Analyst / Security Researcher

Joomla under attack through a fake-plugin

IM_joomla

Imunify360 researchers have identified a growing number of malicious redirects on Joomla CMS.

In this post, discover how Imunify360 is leading the charge against a sophisticated cyber threat targeting Joomla CMS. This post delves into the rise of malicious redirects caused by a deceptive fake-plugin, capable of injecting harmful scripts into websites. Learn about the insidious mechanism of this threat, which targets unsuspecting visitors with phishing and malware, and how Imunify360's advanced security measures, including its proactive scanner and comprehensive defense system, offer robust protection against such evolving cyber dangers. Protect your Joomla site with Imunify360's integrated antivirus, firewall, and WAF, ensuring the safety and integrity of your online presence.

The threat is caused by a fake-plugin that injects an arbitrary script to the website’s head content and loads a third-party URL with a malicious JS script, at this point,  the visitors are redirected to malicious phishing websites or any other malicious payload arbitrarily controlled by the attacker.


The malicious code path uses the usual pattern which skips logged users handling the routing accordingly then checking if the crafted cookie is already set, it has been designed to hide the behavior and hit normal users website’s access flow:

Mitigate Joomla fake-plugin redirection

A script is loaded into the website’s head silently, redirecting visitors to the arbitrary URL:

Mitigate Joomla fake-plugin redirection 2

Imunify360’s customers aren’t affected, there were signatures to detect and clean it up automatically, SMW-INJ-25186-php.joomla.fakeplugin.redi-0.

Its robust scanner works smoothly cleaning malware with no disruptions using its realtime technology. The scanner is just one of the several mitigation methods, Imunify360 has been designed to protect their server’s proactively on higher layers, avoiding even malicious code touching their file system.


In the face of rising threats to Joomla CMS, safeguarding your website is crucial. Imunify360 stands out as a comprehensive defense system, integrating antivirus, firewall, and WAF among other robust features. Its swift, proactive scanner, exemplified by the automatic cleanup of SMW-INJ-25186-php.joomla.fakeplugin.redi-0, highlights its efficacy. By embracing Imunify360, you fortify your server against evolving cyber threats, ensuring the integrity of your online assets through its advanced, integrated security components.

Consider installing Imunify360 to protect your server.

 

Protect Your Server

 

Joomla under attack through a fake-plugin

Nov 29, 2023 10:08:16 AM
Gleydson Soares Gleydson Soares

IM_joomla

Imunify360 researchers have identified a growing number of malicious redirects on Joomla CMS.

In this post, discover how Imunify360 is leading the charge against a sophisticated cyber threat targeting Joomla CMS. This post delves into the rise of malicious redirects caused by a deceptive fake-plugin, capable of injecting harmful scripts into websites. Learn about the insidious mechanism of this threat, which targets unsuspecting visitors with phishing and malware, and how Imunify360's advanced security measures, including its proactive scanner and comprehensive defense system, offer robust protection against such evolving cyber dangers. Protect your Joomla site with Imunify360's integrated antivirus, firewall, and WAF, ensuring the safety and integrity of your online presence.

The threat is caused by a fake-plugin that injects an arbitrary script to the website’s head content and loads a third-party URL with a malicious JS script, at this point,  the visitors are redirected to malicious phishing websites or any other malicious payload arbitrarily controlled by the attacker.


The malicious code path uses the usual pattern which skips logged users handling the routing accordingly then checking if the crafted cookie is already set, it has been designed to hide the behavior and hit normal users website’s access flow:

Mitigate Joomla fake-plugin redirection

A script is loaded into the website’s head silently, redirecting visitors to the arbitrary URL:

Mitigate Joomla fake-plugin redirection 2

Imunify360’s customers aren’t affected, there were signatures to detect and clean it up automatically, SMW-INJ-25186-php.joomla.fakeplugin.redi-0.

Its robust scanner works smoothly cleaning malware with no disruptions using its realtime technology. The scanner is just one of the several mitigation methods, Imunify360 has been designed to protect their server’s proactively on higher layers, avoiding even malicious code touching their file system.


In the face of rising threats to Joomla CMS, safeguarding your website is crucial. Imunify360 stands out as a comprehensive defense system, integrating antivirus, firewall, and WAF among other robust features. Its swift, proactive scanner, exemplified by the automatic cleanup of SMW-INJ-25186-php.joomla.fakeplugin.redi-0, highlights its efficacy. By embracing Imunify360, you fortify your server against evolving cyber threats, ensuring the integrity of your online assets through its advanced, integrated security components.

Consider installing Imunify360 to protect your server.

 

Protect Your Server

 
Subscribe to Imunify security Newsletter
aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. Imunify360 and CloudLinux Backup are the registered trademarks of CloudLinux Inc.