Crooks are utilizing hidden “well-known” directories of HTTPS sites running WordPress and Joomla websites to store and serve malicious payloads.
Hacked websites were used for several malicious purposes, experts observed compromised WordPress and Joomla websites serving Shade/Troldesh ransomware, coin miners, backdoors, and some times were involved in phishing campaigns.