Detecting and Resisting the Latest WordPress Malware: BabaYaga

Malware always evolves and sometimes even takes new forms. Unfortunately, any computer or website can not be absolutely protected due to this fact. Although WordPress is one of the most secured platforms in the modern internet, there is always a chance to get some malware and suffer from the consequences.

One of the experienced WordPress protectors — Wordfence — has recently informed community about a new malware which appears to have a new modus operandi compared to the known analogs. This new malware is called BabaYaga and it stands out with the feature to delete any other malware your WordPress website could have received earlier.

Why BabaYaga is deleting other malware and what harm can it bring to your WordPress website? This article will inform you about these important questions. We have also gathered the common protection measures which you can use within your WordPress website to detect and resist BabaYaga. Stay informed with LooksAwesome!

What Does BabaYaga?

As we have already mentioned, BabaYaga has a unique feature of deleting any other malware on your WordPress website. Of course, it comes not because of charity or good will rather to lull your attention and distract you from what this malware actually does to your WordPress website.

The main purpose of BabaYaga`s work is to create new pages within your WordPress website to put lots of keywords and affiliate links inside them. The high density of keywords allows these pages to appear in the index of search engines very quickly. Search engines will naturally ban those pages but for some time they will bring a potential audience to the pages with affiliate links. This is actually an illegal way to get more clicks and earn money on some affiliate programs.

Essentially, BabaYaga does two things: divert your attention and places affiliate links on pages it creates. You could think that other malware removal is a kind of positive feature but actually it is not. In fact, BabaYaga acts like a real parasite. It kills the competitors and feeds from the carrier. Any parasite needs to keep its carrier alive to feed as long as it is possible. That is why another malware is deleted by BabaYaga not only because of attention distraction goal. This action keeps your WordPress website alive a bit longer.

However, BabaYaga will surely kill your website if you would not take any actions to get rid of the parasite. The main reason of “death” would be the great amount of spam pages with affiliate links. Search engines will detect this pages and will punish your WordPress website by falling your search positions and will ban it at the end of the day.

It is actually very important to realize, that BabaYaga harms your WordPress website badly. Because the first step to cure is the recognition of the problem. Otherwise you do not stand a chance against the modern malware and are risking to ruin your entire WordPress project due to one mistake.

How to Detect BabaYaga?

As for today, there are only two proven methods to detect BabaYaga on your WordPress website. One method is to check which hosts and IPs does your WordPress website contact. It can be done with the help of FTP client or special WordPress plugins. The following hosts and IPs are verified as infected:

• 7od.info (178.132.0.105)
• my.wpssi.com (89.38.98.31)

Alternative method does not require FTP client or any other additional tools. You just need to analyze the search results for your own WordPress website. To see the results, you need to enter the following string to Google search bar: site:https://yoursiteURL.com (replacing the sample URL with your own). If you see some pages you did not create or not sure about, then it is the proven signal of your website being infected with BabaYaga malware.

How to Act against BabaYaga?

The resisting activity is same as for any other malware: you should run anti-virus scan and change passwords to all accounts relating to your WordPress website (FTP client, server, hosting and other accounts). These actions are directed to detect and eliminate BabaYaga from your WordPress website and computer which can be also infected. Unfortunately, these simple anti-malware action do not always help because BabaYaga is a hardly detected type of malware.

Alternative ways include website back-up use and installing of additional premium WordPress plugins for malware detection and deleting. If you still see the unwanted results in the search result after all actions described above are taken, then the only way is to seek professionals` help. There are lots of companies who offer their service for WordPress websites` owners including malware protection. This method requires funding and is usually used as the last measure.

How to Protect Your WordPress Website Beforehand?

The process of detection and deleting of BabaYaga malware is difficult and potentially expensive. That is why it is always better to protect your WordPress website beforehand. Here are the basic tips on keeping your website safe and secure from BabaYaga and other dangerous malware:

• Do not neglect Firewall and proven anti-virus on your local computer. These are the most important requirements which solve 99% of problems before they even appear.
• Use only strong passwords on your WordPress website, hosting, domain, FTP client and other related services. Strong password implies letters in upper and lower case, numbers and special symbols combined.
• Scan your WordPress website with the help of free or premium plugins for malware regularly. Do not rely solely on WordPress protection and recheck the odds.
• Always keep your WordPress version updated. This is also true for each and any plugin (not only secure-related) because every tiny breach could be used by malware.
• Check out the security opportunities from our dedicated blog section and choose the options which suit to your WordPress projects at best rate.