"Linux Backdoor Malware Infects WordPress-Based Websites"

The Information Technology (IT) security solutions vendor Dr. Web has identified Linux malware that compromises WordPress-based websites. It exploits 30 flaws in various plugins and themes for this platform. If websites use outdated versions of such add-ons, the targeted web pages are injected with malicious JavaScript code. When consumers click on any part of an infected page, they are sent to other websites. Cybercriminals have been targeting WordPress-powered websites for many years. Experts in information security have documented instances in which numerous WordPress platform vulnerabilities are exploited to compromise websites and introduce malicious code. The investigation performed by Dr. Web's researchers on a recently discovered Trojan application revealed that it might be the tool that cybercriminals have been employing for more than three years to carry out such attacks and profit from traffic resales. According to Dr. Web's anti-virus categorization, this malware is dubbed "Linux.BackDoor.WordPressExploit.1" and targets 32-bit versions of Linux. It can potentially operate on 64-bit versions. Attackers remotely control the backdoor. It is capable of attacking a specified website, entering standby mode, shutting off, and pausing action logging. The Trojan's main function is to hijack websites that use the WordPress Content Management System (CMS) and inject a malicious script into their web pages. It accomplishes this by exploiting known vulnerabilities in WordPress plugins and website themes. Before attacking, the Trojan contacts its command-and-control (C2) server and obtains the address of the site to be infected. Then the backdoor attempts to exploit vulnerabilities in outdated plugins and themes. This article continues to discuss findings regarding the Linux backdoor malware infecting WordPress-based websites.

Dr. Web reports "Linux Backdoor Malware Infects WordPress-Based Websites"