WordPress Sites Under Attack From Newly Found Linux Trojan

Published: 23/11/2024   Category: security




Researchers who discovered the backdoor Linux malware say it may have been around for more than three years — and it targets 30+ plug-in bugs.



A newly identified Trojan backdoor program exploits some 30 vulnerabilities in WordPress plug-ins and themes in order to breach websites based on the WordPress content management system. It only needs to abuse one of those flaws to execute an attack.
Researchers from Doctor Web who discovered two iterations of the malware — dubbed Linux.BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2 — said sites running outdated or unpatched versions of these WordPress tools are at risk of harboring malicious JavaScripts that redirect site visitors to nefarious websites, and should update those programs ASAP.
And here's a scary twist: "An analysis of an uncovered trojan application, performed by Doctor Web's specialists, revealed that it could be the malicious tool that cybercriminals have been using for more than three years to carry out such attacks and monetize the resale of traffic, or arbitrage," the researchers wrote about the malware, which targets 32-bit versions of Linux and also can run on 64-bit versions of the platform.
Among the plug-ins and themes the Trojan's version 1 variant abuses are WP Live Chat Support Plugin; Yellow Pencil Visual Theme Customizer Plugin; Easysmtp; WP GDPR Compliance Plugin; Google Code Inserter; Blog Designer WordPress Plugin; and WP Live Chat. Version 2 exploits other WordPress plug-ins, including Brizy WordPress Plugin; FV Flowplayer Video Player; WordPress Coming Soon Page; Poll, Survey, Form & Quiz Maker by OpinionStage; and Social Metrics Tracker.
WordPress plug-ins and themes are a popular avenue for cybercriminals looking to take over websites; they can be used for everything from phishing to ad fraud to malware distribution. Vulnerabilities are not uncommon. For instance, in December an SSRF vulnerability in the Google Web Stories plug-in was found that would allow a cyberattacker to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.
