WordPress malware campaign hides payloads in Steam profiles

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

Malware targeting WordPress abuses Steam community profiles for command & control operations - Security On Screen by The Security Industry Group

GoDaddy researchers have reported malware infecting almost 2000 WordPress sites that employs steganographic comments hosted on Valve’s Steam platform to acquire its command-and-control instructions. Rather than relying on self-hosted infrastructure, attackers embedded C2 instructions inside public Steam community and profile comments, hiding these using several invisible Unicode characters. The malware was designed to fetch Steam […]

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure