PHP Reinfector and Backdoor Malware Target WordPress Sites
Nov. 14, 2024, 8:59 a.m.
Description
A PHP reinfector and backdoor campaign is targeting WordPress sites, writing malicious code both into plugin files and into database tables. The malware reinjects itself into every active plugin, tampers with the wp_options and wp_posts tables, and creates rogue administrator accounts. It registers WP-Cron events so that the injected code is re-applied on a schedule, and it inserts third-party scripts that redirect visitors into VexTrio scam pages. The infection is no longer tied to the WPCode plugin: sites that never installed it are also affected. To evade detection the malware obfuscates function names and deactivates security plugins, and it carries a backdoor that gives the operators remote code execution. Because the reinfector restores the injection from whichever copies survive, a partial clean-up does not hold: plugin files, the database and the cron schedule have to be cleaned together, and the site then needs regular monitoring, updates and professional security support to stay clean.
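The artefacts listed above (injected PHP in plugin files, off-site script tags in wp_options and wp_posts, rogue administrators, unexpected WP-Cron hooks, deactivated security plugins) can be triaged with a short heuristic check. The script below is an added example, not code from the original page or from the write-up it summarises; everything in SAMPLE_SITE is constructed, and the hook names, hosts and plugin paths in it are placeholders rather than indicators from the campaign.

```python
# Added example (not from the original page): heuristic triage of a WordPress
# site for the behaviours in the description. All sample data is constructed.
import re

# Dynamic-evaluation and decoding primitives typical of injected PHP, plus the
# "$f($arg)" variable-function call used to hide which function actually runs.
PHP_SUSPECT = re.compile(
    r"\b(?:eval|assert|base64_decode|gzinflate|gzuncompress|str_rot13|create_function)\s*\("
    r"|\$\w+\s*\(\s*\$\w+",
    re.I,
)
# <script src=...> pointing at a host; checked against the site's own allow-list.
SCRIPT_SRC = re.compile(r"<script[^>]*\ssrc\s*=\s*['\"]?(?:https?:)?//([^/'\"\s>]+)", re.I)
# WordPress core cron hooks. Real sites also schedule legitimate plugin hooks;
# pass those as known_hooks so only unexplained entries are reported.
CORE_CRON_HOOKS = frozenset({
    "wp_version_check", "wp_update_plugins", "wp_update_themes",
    "wp_scheduled_delete", "delete_expired_transients",
    "wp_scheduled_auto_draft_delete", "recovery_mode_clean_expired_keys",
    "wp_privacy_delete_old_export_files", "wp_site_health_scheduled_check",
})


def scan_plugin_files(files):
    """files: {path: php_source}. Returns (path, matched_text) per suspicious file."""
    findings = []
    for path, source in files.items():
        match = PHP_SUSPECT.search(source)
        if match:
            findings.append((path, match.group(0)))
    return findings


def find_offsite_scripts(rows, allowed_hosts):
    """rows: {label: text} built from wp_options values and wp_posts.post_content."""
    allowed = {h.lower() for h in allowed_hosts}
    return [(label, host) for label, text in rows.items()
            for host in SCRIPT_SRC.findall(text) if host.lower() not in allowed]


def scan_admins(users, known_admins):
    """users: [(user_login, [roles])]. Administrators not on the known list."""
    return [login for login, roles in users
            if "administrator" in roles and login not in known_admins]


def scan_cron(cron, known_hooks=()):
    """cron: {timestamp: {hook: {...}}}, the shape of the unserialised 'cron' option."""
    allowed = CORE_CRON_HOOKS | set(known_hooks)
    return sorted({hook for schedule in cron.values() for hook in schedule
                   if hook not in allowed})


def missing_security_plugins(active_plugins, expected):
    """expected: plugin main-file paths that should appear in 'active_plugins'."""
    return [p for p in expected if p not in active_plugins]


def triage(site, allowed_hosts, known_admins, known_hooks, expected_security):
    return {
        "php": scan_plugin_files(site["plugin_files"]),
        "scripts": find_offsite_scripts({**site["options"], **site["posts"]}, allowed_hosts),
        "admins": scan_admins(site["users"], known_admins),
        "cron": scan_cron(site["cron"], known_hooks),
        "security_plugins_off": missing_security_plugins(site["active_plugins"], expected_security),
    }


# Constructed sample site state. "sample-plugin" hides base64_decode behind
# string concatenation; the eval() call still gives it away. The encoded string
# is a harmless placeholder, not a real payload.
SAMPLE_SITE = {
    "plugin_files": {
        "wp-content/plugins/akismet/akismet.php":
            "<?php\nrequire_once __DIR__ . '/class.akismet.php';\n",
        "wp-content/plugins/sample-plugin/sample-plugin.php":
            "<?php\n$k = 'ba' . 'se64_decode';\neval($k('ZWNobyAnaGknOw=='));\n",
    },
    "options": {
        "siteurl": "https://example.com",
        "widget_text": '<div><script src="//cdn.sample-redirect.invalid/x.js"></script></div>',
    },
    "posts": {
        "post:12": "<p>Hello</p><script src='https://static.example.com/app.js'></script>",
    },
    "users": [("admin", ["administrator"]), ("editor1", ["editor"]),
              ("wp-sys-support", ["administrator"])],
    "cron": {
        1731500000: {"wp_version_check": {}, "wp_update_plugins": {}},
        1731500600: {"sample_unknown_hook": {}},
    },
    "active_plugins": ["akismet/akismet.php", "sample-plugin/sample-plugin.php"],
}

if __name__ == "__main__":
    # Site-specific inputs (assumed for the example): the site's own script host,
    # its one real administrator, no extra cron hooks, one security plugin expected.
    report = triage(SAMPLE_SITE, {"static.example.com"}, {"admin"}, (),
                    ["wordfence/wordfence.php"])
    for kind, items in report.items():
        print(f"{kind}: {items}")
```

On a live site the same inputs come from WP-CLI: `wp option get cron --format=json` and `wp option get active_plugins --format=json` already unserialise the PHP arrays, `wp user list --role=administrator` lists the accounts to compare against the known list, and the plugin directory is read from disk. Scanning raw wp_options values as strings is enough to find injected script tags even when the value is PHP-serialised. Every hit is a lead to review, not a verdict: legitimate plugins schedule their own cron hooks and a few use dynamic calls, so maintain the allow-lists per site.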
Date
Published: Nov. 14, 2024, 3:18 a.m.
Created: Nov. 14, 2024, 3:18 a.m.
Modified: Nov. 14, 2024, 8:59 a.m.
Attack Patterns
Backdoor Malware
PHP Reinfector
T1078.004
T1053.003
T1505.003
T1608.003
T1059.001
T1071.001
T1562.001
T1027
T1190
T1133