October 12, 2023 at 10:38AM
Researchers have discovered sophisticated malware hidden within an authentic-looking WordPress caching plugin. The malware can create admin accounts and remotely activate plugins, giving threat actors complete control over infected websites. It can be difficult to detect and includes conditional content filtering and file modification capabilities. WordPress users should follow security best practices and have security monitoring in place to protect against such threats.
Summary of Meeting Notes:
During a recent meeting, it was discussed that sophisticated malware has been discovered posing as a WordPress caching plugin. The malware can create an administrator account on a website, allowing threat actors to take complete control of infected sites. Its malicious capabilities include remotely activating or deactivating arbitrary plugins, conditional content filtering, and file modification. The malware was discovered by Wordfence researchers, who created a signature and released it to customers. The malicious plugin has features that may raise suspicion, such as creating a new user account with hardcoded passwords and including bot detection code. It was also noted that plugins remain a common target for attacks on WordPress sites, so adhering to security best practices and implementing security monitoring is crucial.