Old versions of Plesk store passwords in clear text
There is a remote SQL vulnerability that has been found in old versions of Plesk allowing attackers to exploit those
Combine these two together and what do you get, malware of course.
Plesk Vulnerability Leading to Malware
Runforestrun and Pseudo Random Domains
We’ve added a bunch of these domains but you should check the resources above, as well as new IP addresses to block.
(Thanks to Jack W. for keeping us up-to-date on these developments.)