Researchers from WordPress security firm Defiant unveiled a recently discovered malware targeting WordPress websites, camouflaged as a legitimate caching plugin.
The malevolent software was detected in July during a website cleanup operation. This malware, essentially a backdoor, lets threat actors create an administrator account, gaining complete control over the target website.
Analysts said the malware carries a "professional looking opening comment" to mimic a legitimate caching tool—a utility typically used to optimize website traffic, decrease server load, and accelerate page loading times.
The choice to masquerade as a caching plugin is deliberate, aimed at averting scrutiny and slipping through manual inspections. It also hides itself from the list of active plugins on compromised websites to avoid detection.
According to the researchers, the malicious plugin encompasses a variety of capabilities:
"Taken together, these features provide attackers with everything they need to remotely control and monetize a victim site, at the expense of the site’s own SEO rankings and user privacy," the researchers noted in a security advisory.
While the number of compromised websites and other details about the plugin remain undisclosed, the researchers have emphasized the camouflage nature of this malware as a cache plugin.
This discovery comes on the heels of another significant event; researchers recently spotted a massive Balada Injector campaign and linked it to the compromise of over 17,000 WordPress websites.
To fend off such threats, users are advised to keep their themes and plugins updated to the latest versions, employ robust password policies, periodically scan their websites for suspicious activities, and remove unused or questionable items from their panels.
Furthermore, managing user permissions diligently can help prevent unwanted operations stemming from a lack of a healthy permissions policy.
With the continuous evolution of malicious software, staying a step ahead in security measures is imperative for website owners to protect their digital assets and user trust.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024