About 4,000 WordPress websites have been infected with malware that disguises itself as a search engine optimization plugin to attract unwary webmasters.
The fake plugin is called WP-Base-SEO and is based on a legitimate SEO module so it is easily overlooked during security scans and seems to be a viable tool by a web team intent on boosting its traffic, said a research team at SiteLock. What the plugin actually does is create a backdoor to the victimized site. The cyberattacker is likely scanning the internet looking for outdated WordPress plugins, particularly those running a plugin called RevSlider, SiteLock said. ThreatPost cited SiteLock analyst Weston Henry who noted that a large portion of the WordPress sites had an out of date version of RevSlider installed. An examination of the plugin finds two malicious files located in /wp-content/plugins/wp-base-seo/wp-seo-main.php. In previous cases where WordPress sites running RevSlider were compromised the attacker installed ransomware using the Neutrino exploit kit. Original source : scmagazine.com
0 Comments
|
|