Joomla targeted in WordPress campaign that delivers TeslaCrypt

The cyber-gang behind the ongoing WordPress malvertising campaign is now targeting Joomla sites.

Rackspace security researcher Brad Duncan spotted the open-source content management platform being targeted by the same attacks that leveraged the  ‘admedia' and ‘megaadvertise' platforms to deliver malicious payloads onto thousands of WordPress sites, according to a 18 February blog post.

However, the threat is not as widespread with Joomla. Denis Sinegubko, a researcher at Sucuri, told Threatpost the number of infected Joomla sites is smaller by an order of magnitude. In part because Joomla's market penetration is much smaller than WordPress.

Duncan told Threatpost “we are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign.”

The sites are compromised by malicious code attached to the end of JavaScript files and the exploit kits generally deliver the TeslaCrypt ransomware, Duncan said.