Google blacklisted more than 10,000 domains compromised with a piece of malware dubbed SoakSoak, according to virus researchers.
Up to 100,000 WordPress sites may be vulnerable to the malicious campaign, Sucuri said. Any version of WordPress that uses a popular slideshow plugin called â€œSlider Revolutionâ€ or RevSlider can fall victim to SoakSoak.
In September, researchers discovered a zero-day vulnerability in the plugin that allows an attacker to download any file from the siteâ€™s server, including database credentials, and compromise the website via the database. The problem lies in the way the plugin is wrapped into theme packages. When it becomes part of a theme, RevSliderâ€™s automatic update mechanism is usually disabled and manual updates need to be performed in a process prone to error.
The Russian domain attackers use to get malware is currently down.
The campaign caused both revenue and reputation losses for WordPress blog owners blacklisted by Google.