Cybersecurity experts have identified a new malware campaign aimed at WordPress websites, in which the malware is disguised as a security plugin named 'WP-antymalwary-bot.php'. The plugin's features include reporting to a command-and-control server, executing remote code, and spreading malware to other directories. It was detected during a cleanup in January 2025, and its variants continue to pose threats by allowing unauthorized access to admin dashboards. Malicious code injections and a persistent wp-cron.php file ensure that the malware can reinstate itself if removed, pointing to a sophisticated Russian-speaking threat actor behind the campaign.
Cybersecurity researchers have discovered a new campaign targeting WordPress sites, masked as a security plugin to deliver sophisticated malware.
Malicious plugin functionalities include reporting to a command-and-control server, injecting code for ad-serving, and maintaining access through persistent changes.