A new malware variant has been spotted targeting WordPress websites with vulnerable add-ons installed.
The malware allows threat actors to redirect visitors to a website of their choosing whenever they click anywhere on the site.
Discovered by researchers from Dr.Web, the malware is named Linux.BackDoor.WordPressExploit.1 and is described as a Trojan targeting 32-bit versions of Linux, which can also run on 64-bit versions.
The researchers suspect the malware could have been active for as long as three years, selling traffic, or engaging in arbitrage.
An updated version was subsequently discovered which, besides using a different command & control (C2) server, also exploited flaws in additional add-ons, such as Brizy WordPress Plugin, FV Flowplayer Video Player and WordPress Coming Soon Page.
The report also stated that both versions came with additional features that still haven’t been turned on, including one that allowed threat actors to target admin accounts via brute-force attacks. Hence, it’s highly likely that the attackers planned additional versions of the Trojan, with extra features to boot.
“If such an option is implemented in newer versions of the backdoor, cyber-criminals will even be able to successfully attack some of those websites that use current plugin versions with patched vulnerabilities,” the report adds.
To keep their websites secure, webmasters should make sure their WordPress platform, as well as the add-ons installed, are up to date. They should also keep an eye on news regarding the installed updates, especially for those that are free to download.
Via: Infosecurity Magazine