WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

  • TheLegacy
    SEO & GEO Connoisseur
    • Apr 2003
    • 18078

    #1

    Tech WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

    Keep aware of what's happening WP users

    WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems.

    "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week. "As a result, when users click on any area of an attacked page, they are redirected to other sites."

    The attacks involve weaponizing a list of known security vulnerabilities in 19 different plugins and themes that are likely installed on a WordPress site, using it to deploy an implant that can target a specific website to further expand the network.

    It's also capable of injecting JavaScript code retrieved from a remote server in order to redirect the site visitors to an arbitrary website of the attacker's choice.

    Doctor Web said it identified a second version of the backdoor, which uses a new command-and-control (C2) domain as well as an updated list of flaws spanning 11 additional plugins, taking the total to 30.


    https://thehackernews.com/2023/01/wo...fJ7VVHsUHYg2F0

    The targeted plugins and themes are below -

    WP Live Chat Support
    Yuzo Related Posts
    Yellow Pencil Visual CSS Style Editor
    Easy WP SMTP
    WP GDPR Compliance
    Newspaper (CVE-2016-10972)
    Thim Core
    Smart Google Code Inserter (discontinued as of January 28, 2022)
    Total Donations
    Post Custom Templates Lite
    WP Quick Booking Manager
    Live Chat with Messenger Customer Chat by Zotabox
    Blog Designer
    WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
    WP-Matomo Integration (WP-Piwik)
    ND Shortcodes
    WP Live Chat
    Coming Soon Page and Maintenance Mode
    Hybrid
    Brizy
    FV Flowplayer Video Player
    WooCommerce
    Coming Soon Page & Maintenance Mode
    Onetone
    Simple Fields
    Delucks SEO
    Poll, Survey, Form & Quiz Maker by OpinionStage
    Social Metrics Tracker
    WPeMatico RSS Feed Fetcher, and
    Rich Reviews

    Both variants are said to include an unimplemented method for brute-forcing WordPress administrator accounts, although it's not clear if it's a remnant from an earlier version or a functionality that's yet to see the light.

    "If such an option is implemented in newer versions of the backdoor, cybercriminals will even be able to successfully attack some of those websites that use current plugin versions with patched vulnerabilities," the company said.

    WordPress users are recommended to keep all the components of the platform up-to-date, including third-party add-ons and themes. It's also advised to use strong and unique logins and passwords to secure their accounts.

    The disclosure comes weeks after Fortinet FortiGuard Labs detailed another botnet called GoTrim that's designed to brute-force self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems.

    Two months ago, Sucuri noted that more than 15,000 WordPress sites had been breached as part of a malicious campaign to redirect visitors to bogus Q&A portals. The number of active infections currently stands at 9,314.

    The GoDaddy-owned website security company, in June 2022, also shared information about a traffic direction system (TDS) known as Parrot that has been observed targeting WordPress sites with rogue JavaScript that drops additional malware onto hacked systems.


    RobertWarrenSEO.com
    Telegram: @TheLegacy54
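The list in the post can be checked against what a site actually has installed. The following is an added example, not code from the post or from Doctor Web: it reads the `Plugin Name` / `Theme Name` file headers under a `wp-content` directory and reports installed add-ons whose display name matches the list, together with the installed version so it can be compared with the latest release. It assumes the header name equals the listed name after normalisation, so a renamed add-on is missed; the sample tree and version numbers in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Add-on names copied from the list in the post above (CVE and status notes dropped).
TARGETED = """WP Live Chat Support; Yuzo Related Posts; Yellow Pencil Visual CSS Style Editor; Easy WP SMTP;
WP GDPR Compliance; Newspaper; Thim Core; Smart Google Code Inserter; Total Donations;
Post Custom Templates Lite; WP Quick Booking Manager; Blog Designer; WordPress Ultimate FAQ;
Live Chat with Messenger Customer Chat by Zotabox; WP-Matomo Integration (WP-Piwik);
ND Shortcodes; WP Live Chat; Coming Soon Page and Maintenance Mode; Hybrid; Brizy;
FV Flowplayer Video Player; WooCommerce; Coming Soon Page & Maintenance Mode; Onetone;
Simple Fields; Delucks SEO; Poll, Survey, Form & Quiz Maker by OpinionStage;
Social Metrics Tracker; WPeMatico RSS Feed Fetcher; Rich Reviews"""

def norm(name):  # lower-case, '&' -> 'and', drop spaces and punctuation
    return re.sub(r"[^a-z0-9]", "", name.lower().replace("&", "and"))
WATCHLIST = {norm(n) for n in TARGETED.split(";")}

def read_header(path, field):
    """Return a WordPress file-header field (e.g. 'Plugin Name'), or None if absent."""
    head = path.read_bytes()[:8192].decode("utf-8", "replace")  # headers live in the first 8 KB
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:(.*)$", head, re.I | re.M)
    return re.sub(r"\s*(?:\*/|\?>).*", "", m.group(1)).strip() if m else None

def audit(wp_content):
    """List (name, version, relative path) for installed add-ons named on the watchlist."""
    root = Path(wp_content)
    hits = []
    for pattern, field in (("plugins/*/*.php", "Plugin Name"), ("themes/*/style.css", "Theme Name")):
        for path in root.glob(pattern):
            name = read_header(path, field)
            if name and norm(name) in WATCHLIST:
                version = read_header(path, "Version") or "unknown"
                hits.append((name, version, path.relative_to(root).as_posix()))
    return sorted(hits)

def demo():  # constructed sample tree: one listed plugin, one unlisted plugin, one listed theme
    root = Path(tempfile.mkdtemp())
    for rel, text in {
        "plugins/easy-wp-smtp/main.php": "<?php\n/*\n * Plugin Name: Easy WP SMTP\n * Version: 0.0.1\n */",
        "plugins/hello/hello.php": "<?php\n/* Plugin Name: Hello Sample\nVersion: 0.0.3 */",
        "themes/onetone/style.css": "/*\nTheme Name: Onetone\nVersion: 0.0.2\n*/",
    }.items():
        (root / rel).parent.mkdir(parents=True)
        (root / rel).write_text(text)
    return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A match only means a listed add-on is present; whether it is exposed depends on the installed version being behind the fixed release.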
  • sandman!
    Icq: 14420613
    • Mar 2001
    • 15431

    #2
    Nothing new, there is always some new WP exploit that needs to be patched.
    Need WebHosting ? Email me for some great deals [email protected]


    • Major (Tom)
      So Fucking Banned
      • Nov 2003
      • 32492

      #3
      Both variants? Is there a clot shot for the server?
