Popular content management system (CMS) Joomla has been hit with new spam campaigns recently. As per a report by Check Point Research, a threat actor who goes by the name ‘Alarg53’ has intruded many Joomla-powered websites by exploiting a security flaw.
The CMS’ mail service, Jmail, was the primary target of the attack. By abusing Jmail, new phishing and spamming infrastructure could easily be set-up.
How does it work?
Who is the attacker - Alarg53 has a notable history in the cybercrime space. It is reported that he has hacked more than 15,000 websites in the last few years. His trademark signature is to replace affected websites with a sign saying ‘Hacked by Alarg53’.
“Two years ago, Alarag53 gained worldwide attention by attacking The Biology of Aging Center at Stanford University’s website. At first, it was thought to be just another 'Hacked By Alarg53' attack, but within a few hours, two PHP files were uploaded to the relevant servers enabling them to send large amounts of spam mail,” Check Point researchers wrote.
What can you do to defend yourself - As of now, there are no remedies for this problem. However, website owners are advised to keep Joomla updated with the latest version -- 3.9.3.