The cyber-gang behind the ongoing WordPress malvertising campaign is now targeting Joomla sites.
Rackspace security researcher Brad Duncan spotted the open-source content management platform being targeted by the same attacks that leveraged the ‘admedia' and ‘megaadvertise' platforms to deliver malicious payloads onto thousands of WordPress sites, according to a 18 February blog post.
However, the threat is not as widespread with Joomla. Denis Sinegubko, a researcher at Sucuri, told Threatpost the number of infected Joomla sites is smaller by an order of magnitude. In part because Joomla's market penetration is much smaller than WordPress.
Duncan told Threatpost “we are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign.”