Fake WordPress Plugin Comes with Cryptocurrency Mining Function

[silversurfer]

Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency.

Researchers at website security company Sucuri noticed the number of malicious plugins increase over the past months. The components are clones of legitimate software, altered for nefarious purposes.

One of the plugins discovered by Sucuri to have a double purpose is a clone of "wpframework." It was found in September and attackers used it to "gain and maintain unauthorized access to the site environment," the researchers say.

Read more here: https://www.bleepingcomputer.com/news/se...-function/

[silversurfer]

Hackers Backdoor Sites by Hiding Fake WordPress Plugins

Malicious plugins that hide in plain sight and act as backdoors are used by attackers to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites.
 
For instance, some of these fake plugins with backdoor functionality — named initiatorseo or updrat123 by their creators — were seen cloning the functionality of the highly popular backup/restore WordPress plugin UpdraftPlus, with a current active number of over two million installations.
 
"The metadata comments within these fake plugins include copies from version 1.16.16 of UpdraftPlus, which was released on July 23rd, 2019," found researchers at web security and protection company Sucuri.

Read more here: https://www.bleepingcomputer.com/news/se...s-plugins/