Xjquery Wave of WordPress SocGholish Injections
In November, 2022, my colleague Ben Martin described how hackers were using zipped files and encrypted WordPress options stored in the database to inject SocGholish scripts into compromised WordPress sites. A bit later, we documented minor changes in the way this malware worked.
By the end of March, 2023, we started noticing a new wave of SocGholish injections that used the intermediary xjquery[.]com domain. It appeared to be another evolution of the same malware.
Continue reading Xjquery Wave of WordPress SocGholish Injections at .
Read more: Xjquery Wave of WordPress SocGholish Injections
Story added 9. May 2023, content source with full text you can find at link above.