Backdoored CMS Plugins Used to Hijack Web Servers

  • 22 November 2014
  • 0 replies
  • 241 views

Userlevel 7
By Eduard Kovacs on November 21, 2014
 
Malicious CMS Plugins Used to Hijack Web Servers For Black Hat SEO
Thousands of backdoored plugins and themes for popular content management systems (CMS) are being leveraged by a threat group to abuse Web servers on a large scale.
The Netherlands-based security firm Fox-IT has published a whitepaper detailing the threat dubbed "CryptoPHP." Researchers have uncovered malicious themes and plugins for WordPress, Drupal and Joomla. In the case of Drupal, only themes have been found to contain the CryptoPHP backdoor.
The attackers often trick website administrators into installing the backdoor by offering them pirated versions of premium themes and plugins. The malicious software is being distributed via various themes and plugins websites, such as Daily Nulled or Nulled Style. Fox-IT estimates that thousands of websites are affected.
Once it's installed on a Web server, the malware can be controlled by cybercriminals manually, or through command and control (C&C) and email communications.
According to Fox-IT, cybercriminals have been using the backdoor for black hat search engine optimization (SEO). CryptoPHP injects links and text into webpages hosted on the compromised server to generate backlinks.
 
full article

0 replies

Be the first to reply!

Reply