
PHP Reinfector and Backdoor Malware Target WordPress Sites

Nov. 14, 2024, 8:59 a.m.

Description

A sophisticated PHP reinfector and backdoor malware is targeting WordPress websites, infecting plugin files and database tables. The malware reinfects active plugins, modifies the wp_options and wp_posts tables, and creates malicious admin users. It uses WordPress's cron system to maintain control and injects third-party scripts that redirect visitors to VexTrio scams. The infection is not tied to the WPCode plugin: sites without it installed are also affected. The malware employs several techniques to evade detection, including function obfuscation and deactivating security plugins, and it includes a backdoor for remote code execution. This persistent threat underlines the need for regular site monitoring, timely updates, and professional security measures to prevent infections and to remediate them effectively.

Date

Published: Nov. 14, 2024, 3:18 a.m.

Created: Nov. 14, 2024, 3:18 a.m.

Modified: Nov. 14, 2024, 8:59 a.m.

Attack Patterns

Backdoor Malware

PHP Reinfector

T1078.004

T1053.003

T1505.003

T1608.003

T1059.001

T1071.001

T1562.001

T1027

T1190

T1133