A new malware version has been identified that targets WordPress websites with vulnerable add-ons installed. Whenever visitors click anywhere on the site, the malware (opens in a new tab) allows malicious attackers to redirect visitors to a website of their choosing.
The malware was found by Dr. Web researchers, and its name is ‘Linux.BackDoor.WordPressExploit.1’ and is referred to as a Trojan horse that targets 32-bit Linux versions.
More Versions
The Trojan performs its operations by injecting malicious JavaScript onto unprotected websites. Trojan accomplishes this by taking advantage of known security flaws in a variety of problematic add-ons, including WP Live Chat Support Plugin, WP Live Chat, Google Code Inserter, and WP Quick Booking Manager.
According to the researchers, the malware may have been trading traffic or engaged in arbitrage for as long as three years.
The researchers said, “The injection is done in such a way that when the infected page is loaded, this JavaScript will be initiated first – regardless of the original contents of the page.”
The researchers said later an updated version was also found, which besides having a different command & control (C2) server, also exploited flaws in additional add-ons, such as Brizy WordPress Plugin, FV Flowplayer Video Player, and WordPress Coming Soon Page.
According to a report, both versions included additional features that have yet to be activated, including one that allowed malicious attackers to use brute-force attacks to target admin accounts. Hence, it is highly likely that the attackers planned for additional versions of the Trojan, and extra features, to boot.
The report adds, “If such an option is implemented in newer versions of the backdoor, cyber-criminals will even be able to successfully attack some of those websites that use current plugin versions with patched vulnerabilities.”
According to researchers, Webmasters should ensure that the WordPress platform and any installed add-ons are up to date in order to keep their websites secure. They should also keep a watch on updates that have been implemented, particularly those that are available for free download.