Security researchers announced on Monday that there had been a supply chain attack on up to 36,000 WordPress plugins running on a wide range of websites that had been backdoored by unknown hackers. Currently, researchers from security firm Wordfence report that the campaign has affected five plugins as of Monday morning. It has been active since last week. It has been reported that unknown threat actors have recently added malicious functionality to plugin updates on WordPress.org, which is the official site for the free open-source WordPress CMS. This update creates an attacker-controlled administrative account that can be used to control the compromised site, as well as add content designed to boost search results.
The updates can be installed automatically when the updates are installed. There has been a significant amount of backdooring in WordPress plugins to allow malicious code to be injected which can lead to the creation of rogue administrator accounts which can be used for arbitrary purposes. As Wordfence security researcher Chloe Chamberland pointed out in an alert on Monday, the malware injects itself into the system, attempting to create an administrator user account and sending back that account’s details to the attacker’s server.
Further, it appears that the threat actor may also have injected malicious JavaScript into the footers of websites, which appears to be causing SEO spam to be displayed throughout the website. According to Wordfence security researche
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: