Doctor Web researchers discovered Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes.
The malware targets both 32-bit and 64-bit versions of Linux. It has backdoor capabilities that allow it to attack a specified webpage (website), switch to standby mode, shut itself down, and pause logging its actions.
Before attacking a website, the malware contacts the C&C server and receives the address of the site to infect. Linux.BackDoor.WordPressExploit.1 then attempts to exploit vulnerabilities in the following plugins and themes if they are installed on target websites:
Visitors to compromised pages are redirected to malicious sites used to distribute malware and serve phishing pages. The researchers also spotted a more recent version of the malware that exploits vulnerabilities in the following WordPress plugins:
The researchers noticed that both trojan variants contain unimplemented functionality for hacking the administrator accounts of WordPress websites through a brute-force attack using special dictionaries.
The researchers recommend that admins of WordPress sites keep all components of the CMS up to date, and urge them to use strong and unique logins and passwords for their accounts.
The AV firm also shared indicators of compromise for this threat.
(SecurityAffairs – hacking, Linux Malware)