Hacker Hides Backdoor Inside Fake WordPress Security Plugin

Hacker Hides Backdoor Inside Fake WordPress Security Plugin

A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named “X-WP-SPAM-SHIELD-PRO.”The attacker was obviously trying to leverage on the reputation of a legitimate and highly popular WordPress plugin called “WP-SpamShield Anti-Spam,” a popular anti-spam tool for self-hosted WordPress sites.Instead, users who downloaded X-WP-SPAM-SHIELD-PRO got a nasty surprise in the form of a backdoor that allowed the attacker to create his own admin account on the site, upload files on the victim’s servers, disable all plugins, and more.

Källa: Hacker Hides Backdoor Inside Fake WordPress Security Plugin


Anmäl dig till Mackens Nyhetsbrev


Du får förhandsinformation om Macken, våra planer och du får informationen, först och direkt till din mail. Vi lovar att inte skicka din information vidare och vi lovar att inte skicka ut mer än max ett nyhetsbrev per månad. Anmäl dig här