Home Hacking News Pirated WordPress Plugin From GoMafia.Com Will Lead To Hidden Malvertising

Pirated WordPress Plugin From GoMafia.Com Will Lead To Hidden Malvertising

by Unallocated Author

Security researchers from US firm Sucuri are warning WordPress site owners against installing pirated themes and plugins from the GoMafia.com website. During the most recent site cleaning operations, we discovered some encoded code in the footer of one of our client’s sites, loaded through a premium WordPress plugin , according to the company’s engineers.

While Unscrambling the data it was found that it loaded a JavaScript file from the GoMafia server. A close look at this file revealed that the crooks behind this campaign were embedding several items on the victim’s site. GoMafia is a portal that proclaims to provide access to pirated WordPress themes and plugins, from WordPress marketplaces such as CodeCanyon and ThemeForest.

Capture

The crooks were first inserting four HTML links to four different websites which includes GoMafia.com and the other three were all links to websites were registered by the same person, an Indian developer from Tamil Nadu, named Sathish Kumar, working for a Web development company called Kenzest.

pirated-wordpress-plugin-leads-to-hidden-malvertising-black-hat-seo-spam-504449-2

It is very obvious that Kumar had created GoMafia to distribute pirated WordPress plugins and themes that contained his malicious code. Users downloading content from GoMafia would end up with malvertising and hidden black hat SEO on their sites.

 

You may also like