- Researchers from Sucuri found malicious code stored in the MU-plugins directory
- The malware redirected visitors, served spam, and could even drop malware
- The sites were compromised through vulnerable plugins, poor admin passwords, and more
A special directory in WordPress is being abused to host malicious code, researchers have warned. The code allows threat actors to persist on vulnerable sites while executing arbitrary code, redirecting people to malicious websites, and showing unwanted spam and ads.
Researchers from Sucuri discovered threat actors hiding malicious code in the “MU-plugins” (short for Must-Use plugins) directory, which stores plugins that are activated automatically and cannot be deactivated through the admin panel.
These are typically used for essential site functionality, custom changes or performance optimizations that always have to run.
Risk of remote code execution
“This approach represents a trend, as the MU plugins are not listed in the standard WordPress plugin interface, making them less noticeable and easier for users to ignore during routine security control,” explained Sucuri researchers.
So far, the analysis has revealed three variants of malicious code: redirect.php (redirects visitors to malicious sites), index.php (remote code execution and malware drops), and custom-js-loader.php (injects spam).
“The potential impact ranges from minor disadvantages to serious security breaches, highlighting the importance of proactive site security measures,” Sucuri warned.
Discussing how the websites could have been infected, the researchers said there are several ways to compromise a WordPress site, including exploiting a vulnerable plugin or theme, compromised admin credentials, or abuse of poorly secured hosting environments.
To mitigate the risk, site administrators must scan their WP installation for malicious files (especially in the MU-plugins directory), look for unauthorized admin accounts, audit installed plugins, update WordPress, plugins, and themes, change all admin passwords and set up 2FA if possible, and monitor.
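Because must-use plugins do not appear in the plugin list of the admin panel, the scan has to happen on the filesystem. The following is an added example, not code from Sucuri or from the article: it inventories the directory against a known-good allowlist, assuming the default `wp-content/mu-plugins` location; the allowlist format, `site-cache.php`, and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File names of the three variants named in the article (a hint, not proof).
REPORTED_NAMES = {"redirect.php", "index.php", "custom-js-loader.php"}

def audit_mu_plugins(wp_root, allowlist):
    """Inventory wp-content/mu-plugins against a known-good allowlist.

    allowlist maps a path relative to mu-plugins to its expected SHA-256.
    Returns sorted (relative_path, finding) tuples; an empty list means clean.
    """
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"  # default path (assumed)
    findings = []
    if not mu_dir.is_dir():
        return findings
    seen = set()
    for path in mu_dir.rglob("*"):  # recurse: loaders may include nested files
        if not path.is_file():
            continue
        rel = path.relative_to(mu_dir).as_posix()
        seen.add(rel)
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        expected = allowlist.get(rel)
        if expected is None:
            note = "unexpected file"
            if path.name.lower() in REPORTED_NAMES:
                note += " (name matches a reported variant)"
            findings.append((rel, note))
        elif digest != expected:
            findings.append((rel, "content differs from known-good hash"))
    for rel in set(allowlist) - seen:
        findings.append((rel, "allowlisted file is missing"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        mu = Path(root) / "wp-content" / "mu-plugins"
        mu.mkdir(parents=True)
        good = b"<?php // constructed: legitimate must-use plugin\n"
        (mu / "site-cache.php").write_bytes(good)
        (mu / "redirect.php").write_bytes(b"<?php // constructed placeholder\n")
        allow = {"site-cache.php": hashlib.sha256(good).hexdigest()}
        return audit_mu_plugins(root, allow)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Any finding is a prompt for manual review of the file, since the allowlist only records what the administrator deliberately installed.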
WordPress is the world’s best site builder and powers most of the sites on the Internet. As such, the platform is constantly under a barrage of cyberattacks.
Via The Hacker News