Linux Malware Affecting Plugins and Themes on WordPress Sites – A previously unknown strain of Linux malware is targeting WordPress sites by exploiting vulnerabilities in over two dozen plugins and themes. Cybersecurity experts recommend keeping all components of the platform updated, including third-party add-ons and themes, and using strong, unique logins and passwords.
Table of contents:
1. Malware Injection and Redirection Tactics
2. Exploiting Vulnerabilities in Plugins and Themes
3. Brute-Forcing Administrator Accounts: A Potential Threat
4. Recommendations for WordPress Users
5. Conclusion: Protect Your WordPress Site and Stay Informed
1. Malware Injection and Redirection Tactics
A new strain of Linux malware has been discovered targeting WordPress sites by exploiting flaws in more than 30 plugins and themes. This malware injects malicious JavaScript into targeted web pages, causing users to be redirected to other sites when they click on any area of the compromised page. Russian security vendor Doctor Web published a report on this issue last week.
2. Exploiting Vulnerabilities in Plugins and Themes
The malware leverages known security vulnerabilities in 19 different plugins and themes installed on WordPress sites. It deploys an implant that targets specific websites to expand its network further. The malware is also capable of injecting JavaScript code retrieved from a remote server, allowing the attacker to redirect site visitors to any website of their choice.
Doctor Web identified a second version of the backdoor, which uses a new command-and-control (C2) domain and an updated list of flaws in 11 additional plugins, bringing the total to 30 affected plugins and themes. The targeted plugins and themes have vulnerable versions that can be exploited by the attackers.
3. Brute-Forcing Administrator Accounts: A Potential Threat
Both variants of the malware include an unimplemented method for brute-forcing WordPress administrator accounts. It is unclear whether this is a remnant from an earlier version or a functionality yet to be deployed. If implemented in newer versions, cybercriminals could potentially attack websites that use current plugin versions with patched vulnerabilities.
4. Recommendations for WordPress Users
WordPress users are advised to keep all components of the platform up-to-date, including third-party add-ons and themes. Strong and unique logins and passwords should be used to secure their accounts. This disclosure follows recent reports on botnets like GoTrim, designed to brute-force self-hosted WordPress sites, and malicious campaigns redirecting visitors to bogus Q&A portals.
5. Conclusion: Protect Your WordPress Site and Stay Informed
To protect your WordPress site, keep all components, including third-party add-ons and themes, up-to-date. Use strong, unique logins and passwords to secure your accounts. Stay informed about cybersecurity threats and follow best practices to keep your site safe from attacks.
