A new piece of Russian malware dubbed SoakSoak has infected more than 100,000 Wordpress sites since Dec. 14, possibly stealing information from anyone using the platform.
Security firm Sucuri says the malware uses a slideshow plug-in called Slider Revolution to find a way into a WordPress site, according to Gizmodo. Although Slider Revolution has patched the vulnerability, older versions are still being used on WordPress, so it's still accessible. Already Google has blocked 11,000 infected domains.
Users must update the plug-in and manually update "if the theme package isn't updated," Sucuri reported. The infection is a big deal considering that more than 70 million sites use WordPress as their content management system. The infection does not affect personal blogs, but self-hosted sites using the WordPress platform that may be using the plug-in Slider Revolution.
It's unclear what the malware intends to do, but it's likely there to steal some kind of data from users. Those who are using WordPress should pay attention to Sucuri's blog and secure their platform.
