BSV
$54.49
Vol 34.19m
3.03%
BTC
$93114
Vol 56200.15m
-2.19%
BCH
$447.78
Vol 323.27m
0.64%
LTC
$102.84
Vol 839.54m
3.57%
DOGE
$0.31
Vol 4444.16m
1.05%
Getting your Trinity Audio player ready...

Cybercriminals are now targeting WordPress websites using malicious plugins to plant cryptojacking malware. According to a new report, the plugins are also being used to give the attackers access to the compromised server. These plugins have been increasing over the past few months, probably as a result of their success.

The report by website security company Sucuri revealed that interest in WordPress plugins by attackers has steadily risen in the past few months. These plugins always appear harmless at first glance, but they are used by the attackers as “a backdoor for the attacker to maintain access to the compromised website environment, even after the initial infection vector has been cleaned up.”

In the past, these plugins have been used for different purposes, including in August this year when Sucuri discovered that they were being used to encrypt blog content.

The blog post stated, “We recently discovered a number of compromised websites containing a plugin called “wpframework”. This plugin is being planted by bad actors to gain and maintain unauthorized access to the site environment.” The plugin contains the following information on its header:

Malicious WordPress plugin can secretly mine crypto

Once a website owner installs the plugin, it first checks to see if there are any disabled functions. It then scans for the usual, including system and passthru functions which give the attackers command execution ability on the compromised server.

Unlike most backdoors that only focus on a PHP execution, this plugin changes permissions upon downloading and runs a Linux executable binary file which the researchers identified as a cryptominer.

The report concluded, “What is especially concerning about this particular fake plugin is that it can be easily used to just run just about any code through the eval function. The good news is that monitoring for changes to the active plugins on your website and unauthorized access is a good way to mitigate risk and prevent this from happening.”

As CoinGeek recently reported, last week saw the discovery of the first cryptojacking worm known as Graboid as well as the use of WAV files to spread cryptojacking malware.

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement