SoakSoak is a strain of malware that leverages security vulnerabilities in a WordPress plug-in. These vulnerabilities are found in the RevSlider third-party plug-in, which is included in several popular themes for the open source blogging and content management system (CMS).
SoakSoak Large-Scale Attack in 2014
SoakSoak was launched as a large-scale attack on December 14th, 2014. Despite updated versions of the RevSlider plug-in being available since September of 2014, more than 100,000 WordPress sites were infected by the initial strain of SoakSoak.
Because the RevSlider plug-in isn’t directly installed by users but is instead included as part of downloadable themes for WordPress, many WordPress sites were infected without the knowledge of the webmaster of the site.