Strains of ransomware have been detected on Joomla domains, revealing a disturbing evolution of the malware's attack vectors. According to Brad Duncan, attacks based on the "admedia" campaign have shifted from the traditional target of websites supported by the WordPress content management system, and instead, have graduated to also hunt down vulnerable Joomla CMS Web domains.
The strings revealed an admedia iframe injection which led not only to the installation of multiple backdoors, but the admedia malicious domains generated on these sites sent unwitting visitors to an exploit kit containing the TeslaCrypt ransomware.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland