New Linux malware found targeting WordPress sites
WordPress sites with vulnerable add-ons targeted once again
A new malware variant has been spotted targeting WordPress websites with vulnerable add-ons installed.
The malware allows threat actors to redirect the visitors to a website of their choosing, whenever they click anywhere on the site.
Discovered by researchers from Dr.Web, the malware is named Linux.BackDoor.WordPressExploit.1 and is described as a Trojan targeting 32-bit versions of Linux, which can also run on 64-bit versions.
More versions
The Trojan operates by injecting a malicious JavaScript into vulnerable websites. It does so by exploiting known vulnerabilities in a number of flawed add-ons, such as WP Live Chat Support Plugin, WP Live Chat, Google Code Inserter and WP Quick Booking Manager.
The researchers suspect the malware could have been active for as long as three years, selling traffic, or engaging in arbitrage.
“The injection is done in such a way that when the infected page is loaded, this JavaScript will be initiated first – regardless of the original contents of the page,” the researchers said.
An updated version was also subsequently discovered which, besides having a different command & control (C2) server, also exploited flaws in additional add-ons, such as Brizy WordPress Plugin, FV Flowplayer Video Player and WordPress Coming Soon Page.
The report also stated that both versions came with additional features that still haven’t been turned on, including one that allowed threat actors to target admin accounts via brute-force attacks. Hence, it’s highly likely that the attackers planned for additional versions of the Trojan, and extra features, to boot.
“If such an option is implemented in newer versions of the backdoor, cyber-criminals will even be able to successfully attack some of those websites that use current plugin versions with patched vulnerabilities,” the report adds.
To keep their websites secure, webmasters should make sure their WordPress platform, as well as the add-ons installed, are up to date. They should also keep an eye on news regarding the installed updates, especially for those that are free to download.
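As a starting point for that check, the sketch below (an added example, not code from Dr.Web or from this article) inventories a `wp-content/plugins` directory and flags installed add-ons whose names match those listed above. It assumes the standard WordPress plugin file header (`Plugin Name:` and `Version:` in the first 8 KiB of a plugin's PHP file) and matches on normalized names, which may differ from how a plugin labels itself; since the article gives no affected version numbers, a hit means "review and update", not "vulnerable". The sample directory names and versions are constructed.

```python
import re
import tempfile
from pathlib import Path

# Add-on names exactly as listed in the article; it gives no affected versions.
NAMED_ADDONS = [
    "WP Live Chat Support Plugin", "WP Live Chat", "Google Code Inserter",
    "WP Quick Booking Manager", "Brizy WordPress Plugin",
    "FV Flowplayer Video Player", "WordPress Coming Soon Page",
]
# Header fields sit in a PHP comment, optionally prefixed by " * ", "//" or "#".
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def norm(name):
    """Lowercase, drop punctuation and the generic words 'wordpress'/'plugin'."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return " ".join(w for w in words if w not in ("wordpress", "plugin"))

def read_header(php_file):
    """Return the lowercased header fields found in the first 8 KiB of a file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in HEADER.findall(head)}

def audit(plugins_dir):
    """List (directory, name, version) for installed plugins matching a named add-on."""
    wanted = {norm(n) for n in NAMED_ADDONS}
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        name = hdr.get("plugin name", "")
        padded = f" {norm(name)} "  # pad so matches fall on whole words only
        if any(f" {w} " in padded for w in wanted):
            hits.append((php.parent.name, name, hdr.get("version", "unknown")))
    return hits

def build_sample(root):
    """Constructed sample tree: two plugins, one of which matches a named add-on."""
    for d, name, ver in [("fv-player", "FV Flowplayer Video Player", "0.0.1"),
                         ("hello", "Hello Sample", "1.0")]:
        p = Path(root, d)
        p.mkdir()
        (p / f"{d}.php").write_text(f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit in audit(tmp):
            print("review and update:", hit)
```

On a real site, pass the path to `wp-content/plugins` to `audit()` and compare each reported version against the plugin vendor's current release.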
Via: Infosecurity Magazine
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.