Introduction:
In the world of cybersecurity, malware infections and website redirections pose significant threats to users’ online safety. One such malware is Mal.Metrica, known for its malicious activities and its ability to redirect users to unauthorized websites. In this article, we will delve into the details of the Mal.Metrica malware, explore its infection methods, and examine how MoeSec.com plays a role in combating such threats. We will also provide examples and screenshots to better illustrate the impact of this malware.
Understanding Mal.Metrica Malware:
It typically infects websites by exploiting vulnerabilities in outdated software, such as vulnerable themes or plugins; in this case the victim website was using the vulnerable “Responsive” WordPress theme. Using nulled or pirated themes or plugins is another common cause, as are compromised passwords or compromised devices used to manage the website. It is therefore highly recommended to change your passwords periodically, never reuse them on other websites, and use a reputable antivirus product to protect your devices.
Mal.Metrica Malware Redirection:
One of the significant characteristics of Mal.Metrica is its ability to redirect users to unauthorized websites. These redirections can lead to phishing sites, malicious downloads, or other harmful online destinations. The malware achieves redirection by modifying the website’s code or injecting malicious scripts that alter the normal flow of user traffic.
An Example of the Mal.Metrica Malware Redirection:
We first discovered this on one of the compromised websites we were cleaning, which was using the vulnerable “Responsive” WordPress theme. It is now spreading quickly and we are seeing it on a daily basis. Attackers are actively targeting websites that use this vulnerable theme and injecting their malicious JavaScript code into files and the database; the injection is most often found in the wp_options table, so it must be removed from the database as well as from any infected files.
rapid.tmediacontent[.]com and gemfowls[.]com are the malicious domains used most often in this campaign so far. Both were registered in April 2024, as the WHOIS records below show:
Domain Name: TMEDIACONTENT[.]COM
Registry Domain ID: 2870413812_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2024-04-08T01:05:27Z
Creation Date: 2024-04-08T00:56:32Z
Registry Expiry Date: 2025-04-08T00:56:32Z
Also, another domain:
Domain Name: GEMFOWLS[.]COM
Registry Domain ID: 2868837352_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: http://www.enomdomains.com
Updated Date: 2024-04-02T11:48:58Z
Creation Date: 2024-04-02T11:48:58Z
Registry Expiry Date: 2025-04-02T11:48:58Z
To illustrate the impact of Mal.Metrica malware and MoeSec.com’s involvement, we present the following examples and screenshots:
It starts by showing this verification page, followed by a redirect loop to random spam, phishing and scam websites.
As shown above, this website is using the vulnerable “Responsive” WordPress theme, and the malicious domain rapid.tmediacontent[.]com was injected into the footer-copyright section stored in its wp_options database table, causing redirects to other malicious websites.
Some of the other known malicious domains are:
How to remove this infection?
Query your database and search your files for any of the above domains and remove every occurrence. Then update all plugins and themes in use, remove unused ones, change all passwords, and implement security measures to protect your website from future attacks.
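As an added example (not code from this article or from MoeSec.com), the following Python script automates the search step above: it scans PHP/JS/HTML files under a site root and the rows of a wp_options export for the two domains quoted in this article, reporting where each occurrence sits so it can be cleaned. The option names, file names and script paths in the demo are constructed sample data, not values taken from a real site.

```python
"""Find Mal.Metrica indicator domains in WordPress files and wp_options rows."""
import os
import re
import tempfile

# Domains quoted in the article, written defanged; injected code carries the live form.
INDICATORS = ["rapid.tmediacontent[.]com", "gemfowls[.]com"]

def refang(domain):
    """Turn a defanged 'example[.]com' into its live form 'example.com'."""
    return domain.replace("[.]", ".")

# One case-insensitive pattern for all indicators; re.escape keeps the dots literal.
PATTERN = re.compile("|".join(re.escape(refang(d)) for d in INDICATORS), re.IGNORECASE)

def scan_text(text, label):
    """Return (label, line_no, domain) for every indicator found in the text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in PATTERN.finditer(line):
            hits.append((label, no, m.group(0).lower()))
    return hits

def scan_files(root, exts=(".php", ".js", ".html")):
    """Walk a site root and scan every file with one of the given extensions."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits.extend(scan_text(fh.read(), path))
    return hits

def scan_options(rows):
    """rows: iterable of (option_name, option_value) exported from wp_options."""
    hits = []
    for name, value in rows:
        hits.extend(scan_text(value, "wp_options:" + name))
    return hits

def demo():
    """Constructed sample: one clean file, one injected footer, one injected option row."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "clean.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    with open(os.path.join(root, "footer.php"), "w") as fh:
        fh.write("<footer>\n<script src='https://rapid.tmediacontent.com/SAMPLE.js'></script>\n</footer>\n")
    rows = [("blogname", "Example blog"),
            ("theme_mods_sample", 'footer_copyright => <script src="https://gemfowls.com/SAMPLE.js"></script>')]
    return scan_files(root) + scan_options(rows)

if __name__ == "__main__":
    for label, line_no, domain in demo():
        print(f"{label}:{line_no}: {domain}")
```

Obfuscated or encoded injections will not match a plain domain pattern, so treat an empty result as a reason to inspect the wp_options footer settings manually, not as proof the site is clean.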
MoeSec.com’s Role in Combating Mal.Metrica:
MoeSec.com, a trusted website security service provider, offers comprehensive protection against malware infections, including Mal.Metrica. By employing state-of-the-art security measures, MoeSec.com helps website owners detect, remove, and prevent malware infections.
Let’s take a closer look at how MoeSec.com tackles the threat of Mal.Metrica:
1. Malware Detection:
MoeSec.com utilizes deep AI and heuristic scanning techniques to identify the presence of Mal.Metrica malware or any abnormal behaviors within a website’s code. By conducting regular scans, the service can quickly detect potential threats and take appropriate action.
2. Malware Removal and Cleanup:
Upon identifying malware, MoeSec.com’s certified security experts promptly initiate the removal and cleanup process. This involves thoroughly cleaning the website’s files and database, eliminating injected malware, spam, phishing attempts, backdoors, and malicious users. Additionally, MoeSec.com ensures that the website is removed from all blacklists.
3. Website Firewall Protection:
To safeguard websites from future attacks, MoeSec.com deploys a cloud-based website firewall (WAF). This advanced security measure actively blocks malicious traffic and implements protective measures to prevent potential threats. By employing the latest security protocols, MoeSec.com fortifies websites against Mal.Metrica and other malware attacks.