Linux Malware Targets 30+ WordPress Plugins

Contents

Summary Of The Attack

  • Linux Trojan Application exploits outdated plugins and themes in WordPress sites for malicious purposes.
  • Two versions of the malicious application exist with the second one being an improved version of the first.
  • There is a chance that even if updates are made on the plugins, the attackers can still target administrators’ accounts on the WordPress sites.
  • It is quite important to keep all components of the WordPress sites up-to-date.
.

What Happened?

A Linux backdoor malware has been discovered that has the capabilities to exploit around 30 WordPress plugins with the goal to inject malicious JavaScript code and make user redirects to harmful, malicious, phishing sites created by the attackers.