Joomla Templates Under Hacking Attack

BaCde  2415天前


This short post is about recent attack that targets the Joomla! Content Management System's and specifically its templates. We decided that it is worth to spread the word about it after our malware experts resolved numerous similar incidents.

Attack On Joomla! Templates

The file index.php contains a malicious script that calls its main component like the snippet below:

Joomla! malware

But if you view the site source via the web, the added script just before the head tag looks like this:

Joomla! malware

Note: For stat88b.php, 88b is a three random hexadecimal number. It can be 012, ab0, etc.

For this file is obfuscated.

Joomla! malware

Adding the above script causes redirection to h t tp:// and download malicious flash player (As of this time, the link is inaccessible)

You can see the decrypted code here:

Is your website flagged for malware, blocked by the search engines or disabled by the host?

Our experts are here to clean up any malware from your sites and remove false-positives, blacklisting and other kinds of alerts by any security vendor and search engines. Just select from suitable ThreatSign! Anti-Malware Plan and get back online.