New Wave of SocGholish cid=27x Injections

On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script, which is saved as an encrypted value inside the wp_option table of the WordPress database. One of its distinguishing features is the cid=272 parameter included in the SocGholish URLs.

During the past two weeks, cid=272 has quickly become the second most prevalent variation of SocGholish infection (after NDSW/NDSX) with 100+ detections per day on average.

Continue reading New Wave of SocGholish cid=27x Injections at Sucuri Blog.

Posted in

About Us

I believe that everyone should have a mechanic that they can trust and after spending several years helping out various customers for large companies I've seen my fair share of issues.

Honesty, Integrity, and Compassion are what we share with everyone that we work with. Stop scouring the internet for help and see how we can help you today.

Our Services

Website Migrations

Plugin & Theme Updates

IDX Broker Customizations

Facebook Chatbots

DNS & Email Integrations