The Wordfence Threat Intelligence team recently discovered an interesting malware variant that appears in the file system as a normal WordPress plugin, often with the name ‘WP-antymalwary-bot.php’, and contains several functions that allow attackers to maintain access to your site, hide the plugin from the dashboard, and execute remote code. Pinging functionality that can report back to a Command & Control (C&C) server is also included, as is code that helps spread malware into other directories and inject malicious JavaScript responsible for serving ads.
The post Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence