Search This Blog

Powered by Blogger.

Blog Archive

Labels

WordPress Sites Hit by New Linux Malware

WordPress is used by 43% of websites, making it a CMS that cybercriminals aggressively target.

According to an analysis by cybersecurity company Dr. Web, WordPress-based websites are being targeted by an unidentified Linux malware variant.

Recognized as LinuxBackDoor.WordPressExploit.1, while it can also operate on 64-bit Linux versions, the Trojan favors 32-bit versions. 30 vulnerabilities in numerous outdated WordPress plugins and themes have been used by Linux malware.  

Injecting harmful JavaScript into the webpages of websites using the WordPress content management system (CMS) is its primary purpose. The malware may be the malicious instrument that hackers have used for more than three years to perform specific attacks and generate income from the resale of traffic, or arbitrage, based on a study of an unearthed trojan program undertaken by Doctor Web's specialists. 

Malicious actors can remotely operate a Trojan by sending its command and control (C&C) server the URL of the site they want to infect. Threat actors can also remotely disable the spyware, turn it off, and stop recording its activities. 

The researchers described how the process works, adding that if a plugin or theme vulnerability is exposed, the injection is done so that, irrespective of the original contents of the page, the JavaScript would be launched first when the infected page is loaded. By clicking any part of the compromised website, users will be sent to the attackers' preferred website.

Additionally, it can take advantage of many plugins' flaws, including the Brizy WordPress Plugin, the FV Flowplayer Video Player, and the WordPress Coming Soon Page.

According to Dr. Web, both Trojan variants include unreleased functionality for brute-force hacking the admin access of selected websites. Applying well-known logins and passwords while utilizing specialized vocabulary can accomplish this.

The researchers issued a warning, speculating that hackers may be considering using this feature in further iterations of the malware. Cybercriminals will even be able to effectively attack some of the websites that utilize current plugin versions with patched vulnerabilities.

WordPress is reportedly used by 43% of websites, making it a CMS that cybercriminals aggressively target.WordPress website owners are recommended by Dr. Web to update all parts of their platforms, including any third-party add-ons and themes, and to use secure passwords for their accounts.

Share it:

Command and Control(C2)

Linux

Malicious actor

Plugin Flaws

Spyware

URL

Vulnerabilities and Exploits

Wordpress Vulnerability