Hackers are using the popular jQuery library to inject malicious code into websites powered by WordPress and Joomla. It’s a fairly widespread issue: Since November 2015, Avast has registered more than 4.5 million users who encountered the infection.
Malicious code was found in almost 70 million unique files on hacked websites.
According to Avast researcher Alexej Savcin fake jQuery injections have been very popular among hackers, because jQuery itself is popular.
Perhaps it was only a matter of time until such a well-known library gets the attention of those who want to use it for different purposes other than web coding—but Savcin said that one of the most popular infections of the last couple of months is an attack that injects fake jQuery script into the head section of CML websites powered by WordPress and Joomla.
The script is a bit stealthy—the researcher noted that it’s located in such a way that normal visitors wouldn’t notice anything amiss unless they look into source code.
The number of hacked domains (70 million) that are used as a source for malicious JS code is abnormally high, which is why this kind of attack was and still is very popular on a daily basis.
To remediate the issue, Savcin recommends starting with the basics: “Reset your password. If it doesn’t help, you can leverage tools like phpMyAdmin and Adminer to log into your database directly, bypassing your Admin login page and resetting your user in the users table,” he advised. Once in, the site’s database and files should be restored from a backup version. Once clean, webmasters shouldn’t forget to update their installations; older versions are naturally more prone to hacks than newer versions.
SOURCE: Tara Seals