Ion cube malware , The worst malware you could ever see .
Do you mind if you take just 2 minutes out of your time to see whats going on there on these infected websites ?
If you are reading this article now , Then of a big percentage you know what is meant by “malware” .
But here I am talking about this bad one “Ion Cube Malware” ,
After a huge search for more than 2 weeks “We” found that Ion cube malware is not just a 1 person work , It is definetly a huge team behind this , They target any website built in PHP programming language , They generate files similar to the real Ion Cube encoder files and unfortunately if you decided to remove the generated files manually you will just waste a very long time and the result will be “The malware still existing HA HA HA ” , This malware differs from another Malwares , Yes I said it generates PHP files that include automatically generated variables , functions , hashes , base64 encoded strings , etc…
However, Unfortunately you will think that they only generate files or edit existing file in your website/s , Whatever your website framework/CMS is , You may think that they do this black things to “Mine Crypto currencies” , Yes I thought they were doing this , But I didn’t find any up-normal CPU Usage on my PC , After wasting long time investigating this , I found that they insert posts into your wordpress website that contain links to websites they are doing “link building” for them , Yes they are backlinking websites in this black hat way , They inject posts in your database , Then the posts are being indexed in google including the URLS they are building links for .
What kind of Platforms they are targeting ?
They target WordPress CMS 100% as they wrote the malware using wordpress built in functions as:
“global $wpdb”,”wp_insert()”,”site_url()” etc..
But what is the problem with wordpress ?!
WordPress as just a core files is very secure , Vulnerabilities free ,
However , When we are talking about +50k plugins in their store , Then we can say it is not that 100% secure place ,
Yes it depends on what plugins you are using in your website , If the reputation and rating for the plugin are bad or even not found , Please be safe and look for another popular plugin , They get into websites using this black ideas , When the website is infected , They can then extend the infection to all PHP files found on the server ..
Don’t delete the files generated , You are not doing anything towards solving the problem , As I mentioned before you are just wasting your time , When you cut a part of a snake , It doesn’t take much time for recovery and getting back to attack you , The only way to solve this is not to clean the poison coming out of its mouth , You have to hit the head and hitting the head of this malware comes only when you detect where these evil functions exist ..
We are working on a small script to help you detect all related files to this plugin but till we finish , please take a look at your wp_posts table , and clean it so that they can’t make use of your website reputation ,
Also don’t search for the posts content in the coding , You will never find even a word , The content is coming from another servers from a text files using CURL PHP method and the files are generated by the same way ,
If you can’t wait and want to solve this problem immediately , we are here available to solve this problem , Just contact us at anytime and We can hit the head of the snake for you .