WordPress malware poisons images on Google Image search

If you own a blog, whether it be for personal or professional use, chances are you are probably running in on WordPress, a popular platform for both personal and professional blogs/websites. It appears that there is a new form of malware for the platform that has affected over 4,000 WordPress sites, as discovered by Russian research Denis Sinegubko.

This form of malware takes popular images on the infected WordPress site and displays them when users search for it on Google’s web search or Google’s Image search. Clicking on the infected picture will then lead you to a malicious websites which will attempt to trick the viewer into installing fake security software.

The good news is that less than 5% of the websites have been flagged as harmful to the user by Google, but the bad news is that these websites seem to be running on the latest version of WordPress which is rather worrying. At the moment it seems to be random websites that have been affected as not all WordPress websites hosted on the same affected hosts have been infected by the malware.

It seems to remain a mystery as to how these sites got themselves infected, but it’s pretty scary when you think about it. Let’s hope that a fix arrives soon and that Google’s flagging feature will flag the affected sites.

Tyler Lee
Categories: Web
Tags: Google, Malware, wordpress