Sucuri

Malvertising Campaign Hides in Plain Sight on WordPress Websites

The infection was identified when a customer noticed unauthorized JavaScript loading on their WordPress site. Investigation revealed that the same malicious script was active on at least 17 other websites.

Hidden WordPress Backdoors Creating Admin Accounts

A recent investigation uncovered two stealthy backdoors on a compromised WordPress site: a fake plugin named DebugMaster Pro and a script named wp-user.php. These files maintained persistent administrative access and exfiltrated credentials.

Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website

A recent JavaScript-based malware campaign has been discovered targeting WordPress websites. The malware injects a fullscreen iframe from malicious domains, aiming to deceive users into executing a base64-encoded PowerShell command.

Uncovering a Stealthy WordPress Backdoor in mu-plugins

A stealthy backdoor has been discovered in WordPress installations, specifically targeting the mu-plugins directory. This malware leverages the must-use plugin mechanism to ensure automatic activation and persistence.

Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

A new stealthy PHP malware campaign has been discovered targeting WordPress websites. The malware leverages the `zip://` PHP wrapper to include obfuscated malicious code from a ZIP archive embedded in the WordPress core file `wp-settings.php`.

Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor

A stealthy malware campaign has been discovered targeting WordPress websites to deliver a Windows-based RAT through a PHP backdoor. The infection chain involves a malicious ZIP archive containing the trojan executable.

The Case of Hidden Spam Pages

A campaign targeting WordPress websites involves attackers brute-forcing wp-admin credentials to deploy spam posts and pages for blackhat SEO purposes. The attackers use two malicious plugins to conceal their activity and maintain persistent access.

Malicious WordPress Plugin Creates Hidden Admin User Backdoor

A malicious WordPress plugin named php-ini.php was discovered that conditionally created a malicious admin user on infected websites. The plugin mimicked the legitimate wpforms plugin but only included a single file.

Malicious WordPress Plugin ‘wordpress-player.php’ Redirects Users via Hidden Video and WebSocket C2

A new malicious WordPress plugin named wordpress-player.php has been discovered, designed to covertly redirect site visitors to suspicious domains. At least 26 websites have been confirmed as infected, indicating a growing campaign.

Fake WordPress Caching Plugin Used to Steal Admin Credentials

A malicious WordPress plugin named wp-runtime-cache has been discovered masquerading as a caching plugin to steal admin credentials. The plugin is hidden from the admin panel and lacks author and URL metadata.
