Experts observed a new wave of malware attacks targeting WordPress sites [source: securityaffairs]

by CIRT Team

Experts from the firm Sucuri observed a new wave of wp-vcd malware attacks that is targeting WordPress sites leveraging flaws in outdated plugins and themes

A new malware campaign is threatening WordPress installs, the malicious code tracked as wp-vcd hides in legitimate WordPress files and is used by attackers to add a secret admin user and gain full control over infected websites.

The malware was first spotted in July by the Italian security expert Manuel D’Orso who noticed that the malicious code was loaded via an include call for the wp-vcd.php file and injected malicious code into WordPress core files such as functions.php and class.wp.php.

The wp-vcd malware attacks continued, evolving across the months. Recently researchers from Sucuri firm discovered a new strain of this malware that injected malicious code in the legitimate files of the two the default themes “twentyfifteen” and “twentysixteen”included in the WordPress CMS in 2015 and 2016.

This is an old tactics that leverage themes files (active or not) files to hide malicious code, in the specific case the malware creates a new “100010010” admin user with the intent to establish a backdoor into the target installation.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping