Sucuri

Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor

A stealthy malware campaign has been discovered targeting WordPress websites to deliver a Windows-based RAT through a PHP backdoor. The infection chain involves a malicious ZIP archive containing the trojan executable.

The Case of Hidden Spam Pages

A campaign targeting WordPress websites involves attackers brute-forcing wp-admin credentials to deploy spam posts and pages for blackhat SEO purposes. The attackers use two malicious plugins to conceal their activity and maintain persistent access.

Malicious WordPress Plugin Creates Hidden Admin User Backdoor

A malicious WordPress plugin named php-ini.php was discovered that conditionally created a malicious admin user on infected websites. The plugin mimicked the legitimate wpforms plugin but only included a single file.

Malicious WordPress Plugin ‘wordpress-player.php’ Redirects Users via Hidden Video and WebSocket C2

A new malicious WordPress plugin named wordpress-player.php has been discovered, designed to covertly redirect site visitors to suspicious domains. At least 26 websites have been confirmed as infected, indicating a growing campaign.

Fake WordPress Caching Plugin Used to Steal Admin Credentials

A malicious WordPress plugin named wp-runtime-cache has been discovered masquerading as a caching plugin to steal admin credentials. The plugin is hidden from the admin panel and lacks author and URL metadata.

Fake Java Update Popup Found in Malicious WordPress Plugin

A malicious WordPress plugin disguised as "Yoast SEO" was found injecting a fake "Java Update" pop-up to trick users into downloading malware. The plugin injects JavaScript into the of pages, avoiding macOS, mobile, and Safari users.

Fake Google Meet Page Tricks Users into Running PowerShell Malware

A fake Google Meet page was discovered, designed to trick users into running a malicious PowerShell command under the guise of fixing a "Microphone Permission Denied" error.

Another Fake Cloudflare Verification Targets WordPress Sites

A new malware campaign is targeting WordPress sites by impersonating a Cloudflare verification page. This multistage infection uses social engineering and obfuscated PowerShell commands to deliver a malicious Windows executable.

Fake WordPress Plugin Impacts SEO by Injecting Casino Spam

The attackers used multiple stealthy methods to evade detection: giving the plugin an innocent-sounding name, and hiding it in the WordPress plugins directory rather than in a core file, so that integrity checks would not find it.

WordPress ClickFix Malware Causes Google Warnings and Infected Computers

The WordPress malware injection attempts to trick unsuspecting victims into executing malicious PowerShell commands within Windows OS environments to infect their computers with backdoors.
