Summary: A new malware campaign is targeting WordPress sites using a malicious plugin masquerading as a security tool to gain unauthorized access. This malware facilitates persistent access and remote code execution while remaining undetected in the plugin dashboard. Wordfence researchers discovered the malware during a site cleanup, revealing its ability to regenerate itself and attack via compromised credentials.
Affected: WordPress sites
Keypoints:
- The malware creates a deceptive plugin named ‘WP-antymalwary-bot.php’ and hides itself from the plugin dashboard.
- Attackers gain administrator access through the plugin’s features, allowing them to execute arbitrary code and manipulate site files.
- Site owners are advised to monitor their ‘wp-cron.php’ and ‘header.php’ files for any unauthorized modifications as indicators of infection.
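
One way to carry out the monitoring advised in the last keypoint, shown as an added example that is not code from Wordfence or from the original write-up: it hashes `wp-cron.php` and each theme's `header.php` against a known-good baseline and looks on disk for the plugin file name, since the plugin is hidden from the dashboard. The default WordPress directory layout, the JSON baseline file, and all function names are assumptions of this example.

```python
import hashlib, json, sys
from pathlib import Path

# Plugin file name reported on this page; compared case-insensitively.
SUSPECT_PLUGIN = "wp-antymalwary-bot.php"

def watched_files(root):
    """wp-cron.php in the site root plus header.php of every installed theme."""
    files = [root / "wp-cron.php", *root.glob("wp-content/themes/*/header.php")]
    return sorted(f for f in files if f.is_file())

def make_baseline(wp_root):
    """Map each watched file (path relative to the WordPress root) to its SHA-256."""
    root = Path(wp_root)
    return {f.relative_to(root).as_posix(): hashlib.sha256(f.read_bytes()).hexdigest()
            for f in watched_files(root)}

def scan(wp_root, baseline):
    """Return sorted (kind, relative_path) findings against a known-good baseline."""
    root = Path(wp_root)
    current = make_baseline(root)
    findings = []
    for rel in sorted(set(current) | set(baseline)):
        if rel not in baseline:
            findings.append(("new", rel))
        elif rel not in current:
            findings.append(("missing", rel))
        elif current[rel] != baseline[rel]:
            findings.append(("modified", rel))
    # Look on disk: the page says the plugin is hidden from the dashboard.
    for f in root.glob("wp-content/plugins/**/*.php"):
        if f.name.lower() == SUSPECT_PLUGIN:
            findings.append(("suspect_plugin", f.relative_to(root).as_posix()))
    return sorted(findings)

if __name__ == "__main__":
    # Usage (assumed layout): python wp_check.py /path/to/wordpress baseline.json
    wp_root, baseline_path = sys.argv[1], Path(sys.argv[2])
    if not baseline_path.exists():
        # First run: record hashes; only do this on a site known to be clean.
        baseline_path.write_text(json.dumps(make_baseline(wp_root), indent=2))
        print(f"baseline written to {baseline_path}")
    else:
        for kind, rel in scan(wp_root, json.loads(baseline_path.read_text())):
            print(f"{kind}: {rel}")
```

Keep the baseline file outside the web root so that anyone able to write to the site cannot also rewrite the reference hashes. Regenerate it after legitimate core or theme updates, which also change these files.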