Pirated WordPress Plugin From GoMafia.Com Will Lead To Hidden Malvertising

  • 99
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    99
    Shares

Security researchers from US firm Sucuri are warning WordPress site owners against installing pirated themes and plugins from the GoMafia.com website. During the most recent site cleaning operations, we discovered some encoded code in the footer of one of our client’s sites, loaded through a premium WordPress plugin , according to the company’s engineers.

While Unscrambling the data it was found that it loaded a JavaScript file from the GoMafia server. A close look at this file revealed that the crooks behind this campaign were embedding several items on the victim’s site. GoMafia is a portal that proclaims to provide access to pirated WordPress themes and plugins, from WordPress marketplaces such as CodeCanyon and ThemeForest.

Capture

The crooks were first inserting four HTML links to four different websites which includes GoMafia.com and the other three were all links to websites were registered by the same person, an Indian developer from Tamil Nadu, named Sathish Kumar, working for a Web development company called Kenzest.

pirated-wordpress-plugin-leads-to-hidden-malvertising-black-hat-seo-spam-504449-2

It is very obvious that Kumar had created GoMafia to distribute pirated WordPress plugins and themes that contained his malicious code. Users downloading content from GoMafia would end up with malvertising and hidden black hat SEO on their sites.

 

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply