A new piece of malware called BabaYaga has been discovered by Wordfence. It has the ability to remove its competition; that is, it can remove other malware.
What Is BabaYaga?
BabaYaga is malware that infects WordPress websites. It creates spam content and publishes it on the victim’s website.
When a user visits an infected website, embedded JavaScript code redirects them to an affiliate website. When the user makes a purchase on the destination website, the attackers earn income from it.
This trick works on less tech-savvy people, who generally fall for it because they are unable to identify the malicious redirection.
How Does It Work?
BabaYaga generates and hosts content on the infected websites. The web pages contain keywords that attract traffic. Once a user visits the infected website, they are redirected to another website, and when the user purchases anything from the malicious website, the attackers get the commission.
BabaYaga is smart malware with several countermeasures that help it remain active.
The malware’s primary file contains several identical copies of the malware, which are hidden using various techniques. This helps the malware stay hidden: even if one file is caught and removed, the other files remain active. A complete infection can be launched even if only a single file is present.
Features Of BabaYaga Malware:
- Downloads updated copies from the server.
- Infects multiple websites on shared hosting accounts.
- Provides access to the file manager, shell command execution and other systems using the WSO shell.
- Downloads a full copy of itself starting from only one file.
- Malware killer.
- Two different file uploaders, which attackers use to upload random files to victims’ websites manually.
How To Stay Protected?
- Keep your website updated.
- Install patches regularly so that vulnerabilities are removed.
- Watch vendors that execute code from the websites that run PHP scripts.
- Scan websites to identify unauthorized code.
- Keep a good malware protection service installed.
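The scanning step above, combined with the earlier point that identical copies of the malware are hidden in several files, as an added example that is not from the original article or from Wordfence: a Python script that compares a site's PHP files against a known-good manifest and groups the flagged files that share identical content. The baseline-manifest approach, the file names and the placeholder file contents are assumptions constructed for this example.

```python
import hashlib, os, tempfile
from collections import defaultdict

def build_manifest(root):
    """Map relative path -> SHA-256 for every PHP file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".phtml")):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = digest
    return manifest

def audit(baseline, current):
    """Return (unauthorized, modified, clusters); clusters are groups of
    flagged files with byte-identical content (candidate payload copies)."""
    unauthorized = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    by_hash = defaultdict(list)
    for p in unauthorized + modified:
        by_hash[current[p]].append(p)
    clusters = sorted(sorted(g) for g in by_hash.values() if len(g) > 1)
    return unauthorized, modified, clusters

def demo():
    """Constructed site tree with harmless placeholder file contents."""
    def write(root, rel, body):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(body)
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.php", "<?php // site entry point\n")
        write(root, "wp-includes/load.php", "<?php // core file\n")
        baseline = build_manifest(root)          # taken while site is clean
        copy = "<?php // placeholder for an unknown file\n"
        write(root, "wp-content/uploads/cache.php", copy)
        write(root, "wp-includes/images/thumb.php", copy)
        write(root, "wp-includes/load.php", copy)  # core file overwritten
        return audit(baseline, build_manifest(root))

if __name__ == "__main__":
    for label, result in zip(("unauthorized", "modified", "identical"), demo()):
        print(label, result)
```

Every path in an identical-content cluster has to be cleaned in the same pass, since removing one copy leaves the others in place.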
BabaYaga also has some useful features; if it were not malware, the program could be used for other purposes:
- It can repair and upgrade the WordPress application, with removal of the backup files if the upgrade fails.
- It can remove other malware. BabaYaga is capable of removing other malware that can harm websites and does the same work as BabaYaga, which means it can work as a malware removal tool.
BabaYaga is a smart breed of malware that can harm websites and their visitors. Necessary steps should be taken to remove the malware.
General Steps To Remove The Malware And Stop Redirecting To Malicious Websites:
- Do not visit untrusted websites.
- Keep a check on the links you are being redirected to.
- Keep a good antivirus software installed on your system.
- Install the regular updates provided by application manufacturers.
- Do not click on unknown links.
Criminals are getting smarter by the day and are developing more advanced malware. Some malware infects users’ systems; other malware infects servers and websites. This malware can get into any device and transfer itself onto others. Necessary steps should be taken to rid these devices of it. BabaYaga was present previously; however, with enhanced functionality it has become nasty and can do serious damage.