Linux malware invades websites with 30 flaws in WordPress plugins and themes

More than 30 bugs or security flaws in WordPress plugins and themes are the gateway to the new malware, which targets servers and systems running on the Linux platform. The pest makes successive infiltration attempts against domains, using vulnerabilities, until it finds one that works, and spreads malicious code to redirect users to dangerous domains, which continues the chain of contamination.

The ultimate goal is to control the platforms remotely to perform scams, send new viruses, or obtain data. However, the method is more general, with 32 and 64-bit Linux servers in the crosshairs, with sites successively submitting tests involving the compromised extensions, until one is found and exploited automatically.

Plug-ins are of the most different types and range from service assistants for chats on social networks to customization of visuals, donations, integrations and maintenance modes. Check out the list:

• WP Live Chat Support Plugin
• WordPress – Posts related to Yuzu
• Yellow Visual Pencil Custom Plugin
• easysmtp
• WP Plugin GDPR Compliance
• Newspaper theme on access control for WordPress
• thin core
• Google Inserter Code
• Total donations plugin
• Publish custom templates Lite
• WP Quick Booking Manager
• Facebook Live Chat by Zotabox
• Blogger WordPress plugin
• Frequently asked questions about WordPress Ultimate
• WP-Matomo (WP-Piwik) integration
• WordPress ND shortcodes for Visual Composer
• WP Live Chat
• Coming soon page and maintenance status
• hybrid
• Breezy WordPress plugin
• FV Flowplayer is a video player
• WooCommerce Books Online
• WordPress coming soon page
• OneTone WordPress theme
• Simple Fields WordPress plugin
• WordPress Delucks SEO plugin
• Survey, poll, form and quiz maker by OpinionStage
• Social metrics tracker
• WPeMatico RSS Feed Fetcher
• Rich Reviews plugin

According to the report of Dr. The Web, the cybersecurity company responsible for unearthing the plague, is malware in constant evolution. When the analysis by its experts began, there were 19 targets, with the total increasing to 30 in a later update and indicating more could be on the way. In addition, the intense search for compromises for various purposes can also refer to hacking as a service process, with access sold to third parties to carry out attacks.

The pest also has features that are disabled, such as attempts to break into the site’s admin panels through brute force. In summary of all these factors, abandoned or unmaintained sites end up being the preferred target, whether due to the presence of outdated extensions or no longer receiving support from their developers, as well as the lack of more advanced protection and security elements.

The recommendation then is precisely to update. The listed plug-ins, in particular, must work in their most recent versions, which no longer use the slot, or be replaced by another if they no longer receive security patches. In addition, administrators must use two-step authentication to access panels and monitor access to control systems and servers as well, in order to detect suspicious situations.

Source: Web Doctor

Trending on Canaltech:

+The best content in your email for free. Choose your favorite Terra newsletter. click here!