"WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws"

A previously undiscovered strain of Linux malware is targeting WordPress sites by exploiting vulnerabilities in over two dozen plugins and themes to infiltrate vulnerable systems. New research from Doctor Web finds that malicious JavaScript code is injected into targeted web pages if the sites employ outdated versions of add-ons. Therefore, when consumers click on any part of an infected page, they are redirected to other websites. The attacks entail weaponizing known security flaws in 19 plugins and themes that are likely installed on a WordPress website, and deploying an implant that can target a specific website in order to grow the network. It can also inject JavaScript code received from a remote server in order to redirect site users to a website of the attacker's choosing. Doctor Web reported discovering a second variant of the backdoor, which employs a new command-and-control (C2) domain and an updated list of vulnerabilities affecting 11 additional plugins, bringing the total to 30. Both variants are believed to have an unimplemented technique for brute-forcing WordPress administrator credentials. However, it is unclear whether this is a remnant from an earlier version or a future feature. WordPress users are advised to keep all platform components, including third-party plugins and themes, up-to-date. In order to secure their accounts, it is also recommended that they use strong, unique login passwords. This article continues to discuss the latest findings regarding the new Linux backdoor malware targeting WordPress websites. 

THN reports "WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws"