Global CyberSecurity

New Wave of SocGholish cid=27x Injections


Published on 11/24/2022 – Last Updated on 11/24/2022 by OTC

On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script, which is saved as an encrypted value inside the wp_option table of the WordPress database. One of its distinguishing features is the cid=272 parameter included in the SocGholish URLs.

During the past two weeks, cid=272 has quickly become the second most prevalent variation of SocGholish infection (after NDSW/NDSX) with 100+ detections per day on average.

Continue reading New Wave of SocGholish cid=27x Injections at Sucuri Blog.

WP-CLI: How to Install WordPress via SSH

Previous article

Discover new Nexter Narwhal remote-controlled naval weapon station 20mm cannon & Akeron MP missile

Next article

You may also like


Comments are closed.