"WordPress Bug 'Patch' Installs Backdoor for Full Site Takeover"

Attackers are targeting WordPress users with a fake security alert about a Remote Code Execution (RCE) flaw. The alert offers a "patch" that actually spreads malicious code capable of hijacking a site. The email campaign, discovered by Wordfence and Patchstack researchers, impersonates WordPress and warns users of a vulnerability, urging them to click on a link to download a plugin in order to fix the flaw. Patchstack warns that this is not a legitimate email and that the plugin will infect the user's website with a backdoor and a malicious administrator account. According to Patchstack, attackers can use the backdoor to inject advertisements into the site, redirect users to a malicious site, or steal billing information. They can also use it to launch Distributed Denial-of-Service (DDoS) attacks or blackmail site owners by copying the site's database and holding it hostage. This article continues to discuss the fake security alert.

Dark Reading reports "WordPress Bug 'Patch' Installs Backdoor for Full Site Takeover"

Submitted by grigby1