Hacker Hides Backdoor Inside Fake WordPress Security Plugin


Userlevel 7
Badge +48
September 29, 2017  By Catalin Cimpanu
 


 
A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO."
 
The attacker was obviously trying to leverage on the reputation of a legitimate and highly popular WordPress plugin called "WP-SpamShield Anti-Spam," a popular anti-spam tool for self-hosted WordPress sites.
 
Instead, users who downloaded X-WP-SPAM-SHIELD-PRO got a nasty surprise in the form of a backdoor that allowed the attacker to create his own admin account on the site, upload files on the victim's servers, disable all plugins, and more.
 
Full Article.

1 reply

Userlevel 7
Ouch!!! Sneaky is the word these criminals are getting better and better at what they do. Its a constant struggle to stay ahead of these bums.

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings