WordPress sites are being targeted by a previously unknown Linux malware that exploits flaws in over 20 plugins and themes to compromise vulnerable systems.
The attack weaponizes a list of known security vulnerabilities in 19 different plugins and themes that may be installed on a WordPress site, using it to target specific websites and compromise them. It deploys implants that can be extended further.
Doctor Web says it has identified a second version of the backdoor that uses a new command-and-control (C2) domain and an updated list of flaws spanning 11 additional plugins, bringing the total to 30.
The affected plugins and themes are listed below:
- WP Live Chat Support
- Yuzo Related Post
- Yellow Pencil Visual CSS Style Editor
- Easy WP SMTP
- WP GDPR Compliance
- Newspaper (CVE-2016-10972)
- Thim Core
- Smart Google Code Inserter (discontinued as of January 28, 2022)
- Total Donations
- Post Custom Templates Lite
- WP Quick Booking Manager
- Live Chat with Messenger Customer Chat by Zotabox
- Blog Designer
- WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
- WP-Matomo Integration (WP-Piwik)
- ND Shortcodes
- WP Live Chat
- Coming Soon Page and Maintenance Mode
- FV Flowplayer Video Player
- WooCommerce
- Coming Soon Page & Maintenance Mode
- Onetone
- Simple Fields
- Delucks SEO
- Poll, Survey, Form & Quiz Maker by OpinionStage
- Social Metrics Tracker
- WPeMatico RSS Feed Fetcher, and
- Rich Reviews
Both variants are said to contain an unimplemented method for brute-forcing WordPress admin accounts, though it is not clear whether this is a holdover from an earlier version or functionality that has yet to be released.
“If such an option were implemented in a newer version of the backdoor, cybercriminals could even attack some of the websites that use the current plugin version with the vulnerabilities patched,” the company said.
WordPress users are encouraged to keep all components of the platform up to date, including third-party add-ons and themes, and to use strong, unique logins and passwords to protect their accounts.
The disclosure comes a few weeks after Fortinet FortiGuard Labs detailed another botnet called GoTrim, designed to brute-force self-hosted websites running the WordPress content management system (CMS) and seize control of the targeted systems.
Last month, Sucuri noted that over 15,000 WordPress sites were compromised as part of a malicious campaign that redirected visitors to fake Q&A portals. The number of active infections currently stands at 9,314.