A cyber-criminal injects a PHP backdoor inside fake WordPress plugin

in news •  7 years ago 

wordpress-logo.png

WordPress is the most popular CMS with biggest market share by way (more than 27 percent of the net). The imitation plugin was found by Sucuri investigators, the plugin wasn't available on the official WordPress Plugins repository, sufferers installed it via other resources.

https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html

Based on Sucuri:

"Lately, a bogus WordPress safety plugin named X-WP-SPAM-SHIELD-PRO got our focus. Fake plugins frequently have a few plugin and folders names that seem valid, however, the contents contain a malicious file which comprises a backdoor or similar malware."

Users that set up the bogus safety plugin (X-WP-SPAM-SHIELD-PRO) were shocked since the backdoor allowed the attacker to create his own admin accounts on the affected website, upload malicious files onto the victim's servers, then disable different plugins, and a whole lot more.

Recall that all safety plugins are protected. By downloading plugins from un-trusted resources or departing your site vulnerable, you're putting your site at a fantastic danger.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Congratulations @hackandtechnews! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You published 4 posts in one day

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!