New wave of SocGholish JavaScript malware injection Found on many WordPress Websites

Our security analysts recently discovered this new SocGholish JavaScript malware injection on many compromised WordPress websites. It was found inside all .js files belonging to the WP core, the themes and almost all plugins.

It is spreading quickly and we are seeing it on more websites every day. Attackers are actively targeting outdated and vulnerable websites (outdated plugins, themes or WP versions) to inject their malicious JavaScript code; in this case it affects every .js file on the site.

MEMORYLOADER[.]COM is the malicious domain used most in this campaign so far. The domain was registered only recently, on May 20th 2024, as the WHOIS record shows:

   Domain Name: MEMORYLOADER[.]COM
   Updated Date: 2024-05-20T10:34:24Z
   Creation Date: 2024-05-20T10:34:21Z
   Registry Expiry Date: 2025-05-20T10:34:21Z

To illustrate the impact of the MEMORYLOADER[.]COM malware and MoeSec.com’s involvement, we present the following example and screenshot:


As shown in the code snippet and screenshot above, the malicious part starts at ;if (typeof zqxw and runs to the end of the .js file. It uses multiple functions together with array push and shift operations to scramble and hide the malicious code.

After beautifying and decoding the malicious JavaScript, it turned out to load further malicious files from http://load.memoryloader[.]com/, such as a file called ui_cache.js. These files set cookies and redirect the visitor to other malicious URLs such as apicachebot[.]com, show a fake update popup window, send users on to random spam websites, serve ads and popups, and try to trick users into installing malicious software that compromises their devices.

How to remove this infection?

Query your database and search your files for any of the above code or domains and remove every occurrence. Then update all plugins and themes in use, remove the unused ones, change all passwords, and implement security measures to protect your website from future attacks.
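As an added example for the removal steps above (this is not MoeSec.com’s tooling), the script below walks a WordPress install, classifies every .js file by the indicators given in this post, and strips the appended tail from files where the ;if (typeof zqxw marker is found. It assumes the injection is always appended at the end of the file, as described above, and treats a file that only contains one of the domains as suspicious rather than cleaning it automatically.

```python
"""Scan WordPress .js files for the appended SocGholish injection and strip it.

Added example, not MoeSec.com's code. Assumes the injection is appended to the
END of each .js file and begins with ';if (typeof zqxw', as the post describes.
"""
import re
from pathlib import Path

# Indicators quoted in the post: the marker that opens the injected block and
# the loader/redirect domains observed in the decoded payload.
INJECTION_MARKER = ";if (typeof zqxw"
IOC_DOMAINS = ("memoryloader.com", "apicachebot.com")
IOC_RE = re.compile("|".join(re.escape(d) for d in IOC_DOMAINS), re.IGNORECASE)


def classify_js(js: str) -> str:
    """'injected' if the marker is present, 'suspicious' if only an IoC domain
    appears (a possible variant), otherwise 'clean'."""
    if INJECTION_MARKER in js:
        return "injected"
    if IOC_RE.search(js):
        return "suspicious"
    return "clean"


def strip_injection(js: str) -> str:
    """Return the content with the appended malicious tail removed.
    Everything from the first marker to the end of the file is dropped, since
    the post states the injection runs to the end. Unchanged if no marker."""
    idx = js.find(INJECTION_MARKER)
    if idx == -1:
        return js
    return js[:idx].rstrip() + "\n"


def scan_tree(root: str, clean: bool = False) -> dict:
    """Classify every .js file under root; with clean=True rewrite 'injected'
    files with the tail stripped. 'suspicious' files are never rewritten because
    nothing tells us where the malicious part begins. Returns {relpath: status}."""
    results = {}
    for path in Path(root).rglob("*.js"):
        js = path.read_text(encoding="utf-8", errors="replace")
        status = classify_js(js)
        results[path.relative_to(root).as_posix()] = status
        if clean and status == "injected":
            path.write_text(strip_injection(js), encoding="utf-8")
    return results


if __name__ == "__main__":
    import sys  # usage: python scan_js.py /path/to/wordpress
    for rel, status in sorted(scan_tree(sys.argv[1]).items()):
        if status != "clean":
            print(f"{status:10s} {rel}")
```

Back up the site before running with clean=True, and re-run the scan afterwards to confirm every file reports clean.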

MoeSec.com’s Role in Combating Malware Infections:

MoeSec.com, a trusted website security service provider, offers comprehensive protection against malware infections, including MEMORYLOADER[.]COM. By employing state-of-the-art security measures, MoeSec.com helps website owners detect, remove, and prevent malware infections.

Let’s take a closer look at how MoeSec.com tackles the threat of MEMORYLOADER[.]COM:

1. Malware Detection:
MoeSec.com utilizes deep AI and heuristic scanning techniques to identify the presence of MEMORYLOADER[.]COM malware or any abnormal behaviors within a website’s code. By conducting regular scans, the service can quickly detect potential threats and take appropriate action.

2. Malware Removal and Cleanup:
Upon identifying malware, MoeSec.com’s certified security experts promptly initiate the removal and cleanup process. This involves thoroughly cleaning the website’s files and database, eliminating injected malware, spam, phishing attempts, backdoors, and malicious users. Additionally, MoeSec.com ensures that the website is removed from all blacklists.

3. Website Firewall Protection:
To safeguard websites from future attacks, MoeSec.com deploys a cloud-based website firewall (WAF). This advanced security measure actively blocks malicious traffic and implements protective measures to prevent potential threats. By employing the latest security protocols, MoeSec.com fortifies websites against MEMORYLOADER[.]COM and other malware attacks.
