IonCube Malware

Fake IonCube Malware Found in the Wild

Target: Web servers running PHP

Attack Vector: Remote code execution using fake ionCube files

Summary: Obfuscated files that appear almost identical to legitimate ionCube-encoded files have been deemed malicious. The fake files bear names similar to ionCube’s own file names, disguising their real purpose: executing remotely supplied code that allows access to, and control of, a victim’s device. Currently, over 700 websites and 7000 files have been identified as infected.

Risk assessment summary: The threat is assessed as 3e MODERATE with the likelihood rated as POSSIBLE. If the attack is successful, victims could potentially lose control of their systems to remotely supplied code executed via a fake ionCube file. However, only web servers running PHP are vulnerable. Although there are differences between the fake and legitimate files identified, the two are difficult to tell apart. The fake files can easily be missed, so it is important to use a malware scanner to identify them.
