Reserved IP Address°C
04-02-2025
BSV
$31.62
Vol 22.86m
-2.26%
BTC
$84350
Vol 27431.41m
1.42%
BCH
$304.11
Vol 143.59m
-1.37%
LTC
$82.08
Vol 326.54m
-2.86%
DOGE
$0.17
Vol 1234.99m
0.58%
Getting your Trinity Audio player ready...

Cybercriminals are now targeting WordPress websites using malicious plugins to plant cryptojacking malware. According to a new report, the plugins are also being used to give the attackers access to the compromised server. These plugins have been increasing over the past few months, probably as a result of their success.

The report by website security company Sucuri revealed that interest in WordPress plugins by attackers has steadily risen in the past few months. These plugins always appear harmless at first glance, but they are used by the attackers as “a backdoor for the attacker to maintain access to the compromised website environment, even after the initial infection vector has been cleaned up.”

In the past, these plugins have been used for different purposes, including in August this year when Sucuri discovered that they were being used to encrypt blog content.

The blog post stated, “We recently discovered a number of compromised websites containing a plugin called “wpframework”. This plugin is being planted by bad actors to gain and maintain unauthorized access to the site environment.” The plugin contains the following information on its header:

Malicious WordPress plugin can secretly mine crypto

Once a website owner installs the plugin, it first checks to see if there are any disabled functions. It then scans for the usual, including system and passthru functions which give the attackers command execution ability on the compromised server.

Unlike most backdoors that only focus on a PHP execution, this plugin changes permissions upon downloading and runs a Linux executable binary file which the researchers identified as a cryptominer.

The report concluded, “What is especially concerning about this particular fake plugin is that it can be easily used to just run just about any code through the eval function. The good news is that monitoring for changes to the active plugins on your website and unauthorized access is a good way to mitigate risk and prevent this from happening.”

As CoinGeek recently reported, last week saw the discovery of the first cryptojacking worm known as Graboid as well as the use of WAV files to spread cryptojacking malware.

Recommended for you

Developers in Japan can now get hands-on with BSV’s Python SDK
BSV Blockchain Ambassador and YenPoint CEO Ken Sato is co-presenting a session on BSV's Python SDK at Tohoku University on...
March 20, 2025
Babbage set to release new software stack for BSV Hackathon
Blockchain app building just gets more exciting as Babbage announces the upcoming release of its updated Web3 toolbox for the...
March 18, 2025
Advertisement
Advertisement
Advertisement