CyberSecurity news

info@thehackernews.com (The Hacker News)
Security researchers have uncovered a rise in hackers exploiting WordPress mu-plugins to inject malicious code. The mu-plugins directory, designed for automatically loading essential plugins, is being used to conceal malware, enabling persistent remote access and site redirection. Because these plugins are automatically enabled and not visible in the standard WordPress plugin interface, attackers can maintain a stealthy foothold, bypassing typical security checks. This allows them to inject spam, hijack site images, and maintain long-term control over compromised sites.

Researchers at Sucuri have identified three distinct types of malicious code being deployed. One variant redirects site visitors to external malicious websites, often disguised as browser updates serving malware. Another executes a webshell, providing attackers with remote code execution capabilities. The third injects spam onto the website, replacing images with explicit content and hijacking outbound links to malicious popups. The goal of this spam injection is often to promote scams or manipulate SEO rankings. These tactics are used to target website visitors while evading detection by search engines and administrators.

Website administrators are advised to include the mu-plugins directory in their regular security scans to detect and remove any unrecognized or suspicious files. Security experts recommend ensuring WordPress, plugins, and themes are updated and employing strong passwords with two-factor authentication. If a compromise is suspected, all unauthorized admin accounts and malicious files should be removed to prevent reinfection. These measures are crucial to securing WordPress sites against this evolving threat.
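
The directory check recommended above can be automated as a baseline comparison. The following is an added example, not code from Sucuri or any of the cited reports; it assumes the default `wp-content/mu-plugins` location, and every file name and content in the demo is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_mu_plugins(wp_root, baseline):
    """Compare wp-content/mu-plugins against a baseline {relative_path: sha256}.

    Returns sorted (status, relative_path) tuples; status is one of
    'unexpected', 'modified' or 'missing'.
    """
    # Assumption: the site uses the default mu-plugins location.
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"
    seen = {}
    if mu_dir.is_dir():
        # Walk subdirectories too: files there can be included by a loader.
        for p in mu_dir.rglob("*"):
            if p.is_file():
                seen[p.relative_to(mu_dir).as_posix()] = sha256_file(p)
    findings = []
    for rel, digest in seen.items():
        if rel not in baseline:
            findings.append(("unexpected", rel))   # never approved
        elif baseline[rel] != digest:
            findings.append(("modified", rel))     # approved name, new content
    findings += [("missing", rel) for rel in baseline if rel not in seen]
    return sorted(findings)

def demo():
    """Build a constructed site tree, record a baseline, then audit drift."""
    with tempfile.TemporaryDirectory() as root:
        mu = Path(root) / "wp-content" / "mu-plugins"
        mu.mkdir(parents=True)
        (mu / "site-cache.php").write_text("<?php // approved loader\n")
        (mu / "health-check.php").write_text("<?php // approved v1\n")
        baseline = {n: sha256_file(mu / n)
                    for n in ("site-cache.php", "health-check.php")}
        baseline["removed-later.php"] = "0" * 64  # placeholder digest
        # Constructed drift after the baseline was recorded.
        (mu / "health-check.php").write_text("<?php // changed\n")
        (mu / "index-old.php").write_text("<?php // not in baseline\n")
        return audit_mu_plugins(root, baseline)

if __name__ == "__main__":
    for status, rel in demo():
        print(f"{status:10} {rel}")
```

Keep the baseline outside the web root, so that anyone able to write to the site cannot also rewrite the list of approved files.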

References:
  • The DefendOps Diaries: Understanding the Threat: WordPress MU-Plugins and Security Risks
  • The Hacker News: Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
  • BleepingComputer: Hackers abuse WordPress MU-Plugins to hide malicious code
  • www.scworld.com: WordPress attackers hide malware in overlooked plugins directory
  • Vulnerable U: Stealthy WordPress Malware Exploits Mu-Plugins Directory
  • bsky.app: Hackers are utilizing the WordPress mu-plugins ("Must-Use Plugins") directory to stealthily run malicious code on every page while evading detection.
  • Cyber Security News: Threat Actors Hide Malware in WordPress Sites to Execute Remote Code
  • gbhackers.com: Threat Actors Embed Malware in WordPress Sites to Enable Remote Code Execution
  • bsky.app: Hackers exploit little-known WordPress MU-plugins feature to hide malware
  • Malware - Graham Cluley: Hackers exploit little-known WordPress MU-plugins feature to hide malware
  • securityaffairs.com: Hiding WordPress malware in the mu-plugins directory to avoid detection
  • Risky.Biz: Hackers abuse secret WordPress feature you'll probably want to disable
  • Sucuri Blog: Hidden Malware Strikes Again: Mu-Plugins Under Attack
Classification:
  • HashTags: #WordPressSecurity #MalwareHiding #MUPPlugins
  • Company: WordPress
  • Target: WordPress Sites
  • Product: WordPress
  • Feature: MU-Plugins Exploitation
  • Type: Malware
  • Severity: Major