Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware.
In the two weeks since it was first discovered, researchers said that the malware has been found on over 800 mostly small business websites running the CMS platforms WordPress, Joomla and CodeIgniter. According to SiteLock, which found the malware, it is unique because the malware is both encoded and formatted to look like a legitimate ionCube file.
IonCube is a commercial PHP scrambler that turns text-based PHP files – used to create dynamic content on websites – into an undecipherable code often to hide the intellectual property associated with licensed PHP files.
