A recent malware campaign targets WordPress websites through a malicious plugin that poses as a security tool. The deceptive plugin tricks users into installing it, giving attackers persistent access, remote code execution, and the ability to inject harmful JavaScript. Researchers at Wordfence discovered the malware after cleaning an infected site, identifying a modified wp-cron.php file that automatically regenerates the malicious plugin. The infection's entry point remains elusive, with suspicions pointing towards compromised hosting accounts or stolen FTP credentials. The command and control server's location in Cyprus suggests a sophisticated threat model likely related to previous supply chain attacks.
A new malware campaign is targeting WordPress websites using a malicious plugin disguised as a security tool, exploiting user trust.