The newest version of Joomla!, version 3.8.9, was released on June 26, 2018. This version addresses two minor security vulnerabilities and several other bugs which caused errors in the application’s core.
Category: Shell / Information Disclosure
Trend Identified: 4/20/2017
CVE ID: N/A
Trend Name: Trend Tusayan
Vector: Application Vulnerability, Multiple
LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms.
HIGH: This infection provides complete control of the target website, including credential disclosure and database contents.
HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.
The SiteLock team has discovered a dangerous malware trend that not only provides website administrator level access to the bad actors involved, but exposes sensitive website credentials publicly over the internet.