October 12, 2023 at 10:55AM
A WordPress backdoor that disguises itself as a legitimate plugin has been discovered by security firm Defiant. The backdoor can run as a plugin and perform various functions, including creating an admin account and serving malicious content based on specific filters. It can also be operated remotely by the threat actor. The malware poses a risk of infecting websites and compromising user data.
Key takeaways:
– A threat actor has deployed a WordPress backdoor that disguises itself as a legitimate plugin, making it difficult to detect.
– The backdoor operates within the context of WordPress and presents itself as a caching plugin to avoid suspicion.
– It has the ability to create an admin account and activate or deactivate other plugins remotely.
– The malware can serve malicious content to users based on specific filters, potentially leading to spam or redirection to dubious sites.
– The backdoor can be indexed by search engines to drive traffic to the infected website.
– It contains functions to remove malicious content from the database and monetize victim websites.
– This highlights the importance of maintaining strong security measures for WordPress sites and staying vigilant for potential threats.
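A defender-side check for the behaviour summarized above, as an added example that is not code from Defiant or from the original page: it inventories a `wp-content/plugins` tree and flags any plugin that is missing from an approved list or that calls WordPress core functions for creating users or toggling plugins, which a caching plugin has no reason to use. The plugin names, the approved inventory and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# WordPress core functions that create users or toggle plugins.
SENSITIVE = ("wp_insert_user", "wp_create_user", "activate_plugin", "deactivate_plugins")
HEADER_RE = re.compile(r"^[ \t/*#@]*Plugin Name:[ \t]*(.+?)\s*$", re.M | re.I)
CALL_RE = re.compile(r"\b(" + "|".join(SENSITIVE) + r")\s*\(")


def audit_plugins(plugins_dir, approved_slugs):
    """Flag plugins missing from the approved inventory or calling SENSITIVE functions."""
    findings = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir():
            top, every = sorted(entry.glob("*.php")), sorted(entry.rglob("*.php"))
        else:
            top = every = [entry] if entry.suffix == ".php" else []
        # WordPress reads the plugin header from the first 8 KB of a top-level file.
        headers = (HEADER_RE.search(p.read_text(errors="replace")[:8192]) for p in top)
        name = next((m.group(1) for m in headers if m), None)
        if name is None:
            continue  # no header, so WordPress does not load it as a plugin
        calls = {c for p in every for c in CALL_RE.findall(p.read_text(errors="replace"))}
        slug = entry.name if entry.is_dir() else entry.stem
        if slug not in approved_slugs or calls:
            findings[slug] = {"name": name, "approved": slug in approved_slugs,
                              "calls": sorted(calls)}
    return findings


def demo():
    """Constructed sample tree: one approved plugin and one look-alike caching plugin."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "contact-form").mkdir()
        (root / "contact-form" / "contact-form.php").write_text(
            "<?php\n/*\nPlugin Name: Contact Form\n*/\nadd_action('init', 'cf_init');\n")
        (root / "fast-cache-example").mkdir()
        (root / "fast-cache-example" / "main.php").write_text(
            "<?php\n/*\n * Plugin Name: Fast Cache Example\n */\n"
            "wp_insert_user($data);\ndeactivate_plugins($other);\n")
        (root / "index.php").write_text("<?php // Silence is golden.\n")
        return audit_plugins(root, approved_slugs={"contact-form"})


if __name__ == "__main__":
    print(demo())
```

Plain string matching misses obfuscated or dynamically built calls, so a slug absent from the approved inventory should be reviewed even when the `calls` list is empty.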