The ionCube malware took three major Content Management System (CMS) by storm. It has infected an extensive number of websites which run on a content management system. Basically, ionCube is an encoding technology which is used to protect PHP software from being viewed, altered or run on unlicensed computers.
According to the study conducted by SiteLock, the ionCube Malware has a number of suspicious obfuscated files which appear to be identical to the legitimate ionCube-encoded files. Here the trick is that the fake ionCube files also look identical to the legitimate ones but the legitimate ionCube files contain a reference to the ioncube.com domain, unlike the fake ionCube files.
Fake ionCube File
Legitimate ionCube File
Its presence was initially discovered in the core directories of WordPress sites which featured the naming pattern associated with this malware, i.e. “diff98.php” and “wrgcduzk.php”. These malicious files appear to be encoded with ionCube and that is why the researchers named it as ionCube malware.
A deeper analysis conducted by researchers revealed that the ionCube malware has made its way to hundreds of websites. The attackers packed their malware in a manner that made it appear to be a genuine ionCube-encoded file. It has compromised the security of major sites because it has the potential to infect any website based on a web servers running on PHP. It has compromised the security of many WordPress, Joomla and CodeIgniter websites.
According to SiteLock, this malware has infected over 7,000 files in total and compromised the security of over 700 websites. The site administrators who did not install the ionCube encoded files and finds such files on the server should pay special attention because it’s likely that their site is infected. If you suspect your site to be infected then it is highly recommended to perform a site scan and go for the best malware protection. This will assure that your site is fully secure and this will also help you to get rid of this major threat if persistent.
Here is what you can do to prevent your website from getting infected –
Hits: 94
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.