A cyber-criminal injects a PHP backdoor inside fake WordPress plugin

in #news7 years ago

wordpress-logo.png

WordPress is the most popular CMS with biggest market share by way (more than 27 percent of the net). The imitation plugin was found by Sucuri investigators, the plugin wasn't available on the official WordPress Plugins repository, sufferers installed it via other resources.

https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html

Based on Sucuri:

"Lately, a bogus WordPress safety plugin named X-WP-SPAM-SHIELD-PRO got our focus. Fake plugins frequently have a few plugin and folders names that seem valid, however, the contents contain a malicious file which comprises a backdoor or similar malware."

Users that set up the bogus safety plugin (X-WP-SPAM-SHIELD-PRO) were shocked since the backdoor allowed the attacker to create his own admin accounts on the affected website, upload malicious files onto the victim's servers, then disable different plugins, and a whole lot more.

Recall that all safety plugins are protected. By downloading plugins from un-trusted resources or departing your site vulnerable, you're putting your site at a fantastic danger.

#wordpress #hacking #criminal #backdoor
7 years ago in #news by
$0.00
    2 votes
    Reply 1
    Sort:  
  • Trending
    • [-]
     7 years ago 

    Congratulations @hackandtechnews! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

    You published 4 posts in one day

    Click on any badge to view your own Board of Honor on SteemitBoard.
    For more information about SteemitBoard, click here

    If you no longer want to receive notifications, reply to this comment with the word STOP

    By upvoting this notification, you can help all Steemit users. Learn how here!

    Coin Marketplace

    STEEM 0.16
    TRX 0.15
    JST 0.029
    BTC 57910.39
    ETH 2452.33
    USDT 1.00
    SBD 2.35