Home / Definitions / Soaksoak Malware

Soaksoak Malware

Forrest Stroud
Last Updated May 24, 2021 7:55 am

SoakSoak is a strain of malware that leverages security vulnerabilities in a WordPress plug-in. These vulnerabilities are found in the RevSlider third-party plug-in, which is included in several popular themes for the open source blogging and content management system (CMS).

SoakSoak can utilize these vulnerabilities on unpatched or out-of-date WordPress systems to connect with the SoakSoak.ru domain and load JavaScript malware onto the infected Website. This malware includes a backdoor Trojan that enables control of the compromised WordPress site.

SoakSoak Large-Scale Attack in 2014

SoakSoak was launched as a large-scale attack on December 14th, 2014. Despite updated versions of the RevSlider plug-in being available since September of 2014, more than 100,000 WordPress sites were infected by the initial strain of SoakSoak.

Because the RevSlider plug-in isn’t directly installed by users but is instead included as part of downloadable themes for WordPress, many WordPress sites were infected without the knowledge of the webmaster of the site.