ionCube malware
News | 03/06/2018

The ionCube Malware hits three major CMS platforms

About: The ionCube malware is a highly suspicious malware infection which left a major impact on three major Content Management Systems. This malware program has suspicious obfuscated files which appear to be identical to the legitimate ionCu...  Read More  

| News | The ionCube Malware hits three major CMS platforms

The ionCube malware took three major Content Management System (CMS) by storm. It  has infected an extensive number of websites which run on a content management system. Basically, ionCube is an encoding technology which is used to protect PHP software from being viewed, altered or run on unlicensed computers.
According to the study conducted by SiteLock, the ionCube Malware has a number of suspicious obfuscated files which appear to be identical to the legitimate ionCube-encoded files. Here the trick is that the fake ionCube files also look identical to the legitimate ones but the legitimate ionCube files contain a reference to the ioncube.com domain, unlike the fake ionCube files.

Fake ionCube File

fake ionCube file in CMS
Legitimate ionCube File
genuine ionCube files

Its presence was initially discovered in the core directories of WordPress sites which featured the naming pattern associated with this malware, i.e. “diff98.php” and “wrgcduzk.php”. These malicious files appear to be encoded with ionCube and that is why the researchers named it as ionCube malware.
A deeper analysis conducted by researchers revealed that the ionCube malware has made its way to hundreds of websites. The attackers packed their malware in a manner that made it appear to be a genuine ionCube-encoded file. It has compromised the security of major sites because it has the potential to infect any website based on a web servers running on PHP. It has compromised the security of many WordPress, Joomla and CodeIgniter websites.
According to SiteLock, this malware has infected over 7,000 files in total and compromised the security of over 700 websites. The site administrators who did not install the ionCube encoded files and finds such files on the server should pay special attention because it’s likely that their site is infected. If you suspect your site to be infected then it is highly recommended to perform a site scan and go for the best malware protection. This will assure that your site is fully secure and this will also help you to get rid of this major threat if persistent.

Here is what you can do to prevent your website from getting infected –

  1. Keeping the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
  2. Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications for they are major source of such infections. Such malware programs come bundled with the free applications thereby requiring the user to remain cautious.
  4. Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular back up of all your data and files either on an external drive or cloud.
  5. Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security in your PC like Sophos and BullGuard Internet Security so that it remains safe.
  6. Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying malware.

Hits: 77

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Jaipur
Rajasthan 302033
Phone: +91 9799661866