June 26, 2024

Another major WordPress security flaw is putting thousands of websites at risk

October 12, 2023 0

 

Cybersecurity researchers from Defiant recently spotted a new malware strain targeting WordPress by impersonating an optimization plugin.

The goal of the malware, it was said, was to grant the attackers administrative access to the WordPress website.

While cleaning a website over the summer of 2022, the researchers discovered a plugin with a “professional-looking” opening comment about how it’s a caching tool helping reduce the strain on the server and cut down on page loading times. This choice, the researchers further explained, was deliberate, to make sure web admins don’t suspect much on manual inspection. Furthermore, the plugin is set to exclude itself from the list of active plugins, for the same purpose.

Monetizing compromised websites

The malware is capable of doing a number of things, including creating a “superadmin” account with a hard-coded password; detecting bot traffic to serve them spam content (sometimes erroneously, causing a spike in spam reports from genuine users); replacing content on the site and inserting spam links or buttons (to everyone except site admins so that they don’t realize what’s going on); controlling plugins (remotely activating or deactivating plugins, wiping any traces of its existence, etc.); and remotely activating different malicious functions.  

“Taken together, these features provide attackers with everything they need to remotely control and monetize a victim site, at the expense of the site’s own SEO rankings and user privacy,” the researchers explained their findings.

Defiant did not name the threat actor currently distributing the malware, nor the estimated number of infected websites. We also don’t know exactly how the malware is being distributed, but the researchers speculate the attackers are either brute-forcing their way into WP websites and installing the plugin, or using login credentials stolen elsewhere, in earlier attacks. Then, there is always the possibility of other vulnerable plugins being abused to gain access.

Via BleepingComputer

More from TechRadar Pro

Thousands of WordPress sites have been hit by another major plugin flaw – find out if you’re at riskHere’s a list of the best firewalls todayThese are the best ransomware protection tools right now
 

More Stories

New BMW M5 Revealed: 717 BHP Super-Sedan Gains Plug-In Hybrid Power; Weighs Over 2.4 Tonnes

New BMW M5 Revealed: 717 BHP Super-Sedan Gains Plug-In Hybrid Power; Weighs Over 2.4 Tonnes

June 26, 2024 0
Aston Martin Valiant Unveiled As Manual-Only, Track-Focused V12 Supercar

Aston Martin Valiant Unveiled As Manual-Only, Track-Focused V12 Supercar

June 26, 2024 0
Mahindra XUV 3XO: 3 Reasons To Buy And 3 Reasons To Avoid

Mahindra XUV 3XO: 3 Reasons To Buy And 3 Reasons To Avoid

June 26, 2024 0

You may have missed

New BMW M5 Revealed: 717 BHP Super-Sedan Gains Plug-In Hybrid Power; Weighs Over 2.4 Tonnes

New BMW M5 Revealed: 717 BHP Super-Sedan Gains Plug-In Hybrid Power; Weighs Over 2.4 Tonnes

June 26, 2024 0
Aston Martin Valiant Unveiled As Manual-Only, Track-Focused V12 Supercar

Aston Martin Valiant Unveiled As Manual-Only, Track-Focused V12 Supercar

June 26, 2024 0
Mahindra XUV 3XO: 3 Reasons To Buy And 3 Reasons To Avoid

Mahindra XUV 3XO: 3 Reasons To Buy And 3 Reasons To Avoid

June 26, 2024 0
AirPods and Beats Firmware Updates Address Important Security Issue

AirPods and Beats Firmware Updates Address Important Security Issue

June 26, 2024 0

Samsung Galaxy F55 5G Review: A Stylish Midranger

June 26, 2024 0