A WordPress site is being targeted by an unknown Linux malware that exploits flaws in over 20 plugins and themes to compromise vulnerable systems.
According to Russian security vendor Doctor Web, “If a site uses an outdated version of such an add-on and is missing a critical fix, it will inject malicious JavaScript into the targeted webpage.” Said In a report released last week. “As a result, when users click on any area of โโthe attacked page, they are redirected to other sites.”
The attack involves weaponizing a list of known security vulnerabilities in 19 different plugins and themes that are likely installed on your WordPress site and using it to target specific websites and compromise your network. It involves deploying implants that can be expanded further.
It can also inject JavaScript code retrieved from a remote server to redirect site visitors to any website of the attacker’s choosing.
Doctor Web says it has identified a second version of the backdoor that uses a new command-and-control (C2) domain and an updated list of flaws across 11 additional plugins, bringing the total to 30. .
Affected plugins and themes are listed below –
- WP Live Chat Support
- Articles related to Yuzo
- Yellow Pencil Visual CSS Style Editor
- Easy WP SMTP
- WP GDPR Compliance
- Newspaper (CVE-2016-10972)
- Tim Core
- Smart Google Code Inserter (Discontinued As of January 28, 2022)
- Total donation
- Custom Template Light Post
- WP Quick Booking Manager
- Live Chat with Messenger Customer Chat by Zotabox
- blog designer
- WordPress Ultimate FAQ (CVE-2019-17232 When CVE-2019-17233)
- WP-Piwik integration (WP-Piwik)
- ND shortcode
- WP Live Chat
- Coming soon page and maintenance mode
- hybrid
- blizzy
- FV Flowplayer Video Player
- Woo Commerce
- Coming soon page & maintenance mode
- one tone
- simple field
- Deluxe SEO
- Poll, Survey, Form and Quiz Maker by OpinionStage
- social metrics tracker
- WPeMatico RSS feed fetcher, and
- rich review
Both variants are said to contain an unimplemented method for brute-forcing WordPress admin accounts, but is it a holdover from previous versions or is it still undisclosed? It is not clear which features are missing.
โIf such an option were implemented in a newer version of the backdoor, cybercriminals could attack some of the websites that use the current plugin version with the vulnerabilities patched. even possible,โ the company said.
WordPress users are encouraged to keep all components of the platform up to date, including third-party addons and themes. We also recommend using a strong and unique login and password to protect your account.
The disclosure is that Fortinet FortiGuard Labs has discovered another bot called GoTrim designed to use WordPress content management systems (CMS) to brute force attacks on self-hosted websites and gain control of the targeted systems. It took place a few weeks after revealing the details of the net.
Last month, Sucuri noted that over 15,000 WordPress sites were compromised as part of a malicious campaign that redirected visitors to fake Q&A portals.Number of active infections currently standing at 9,314.
The GoDaddy-owned website security company also shared information in June 2022 about a traffic direction system (TDS) known as Parrot. Parrot has been observed targeting WordPress sites with malicious JavaScript that drops additional malware onto hacked systems.
