Global CyberSecurity

Xjquery Wave of WordPress SocGholish Injections


Published on 05/09/2023 – Last Updated on 05/10/2023 by OTC

In November 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish scripts into compromised WordPress sites. A bit later, we documented minor changes in the way this malware worked.

By the end of March 2023, we started noticing a new wave of SocGholish injections that used the intermediary xjquery[.]com domain. It appeared to be another evolution of the same malware.
