(Ananova News) January 04, 2023.

WordPress plugin flaws leveraged by novel Linux malware

Recently, a security alert revealed that WordPress websites on Linux were targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. The targeted websites were injected with malicious JavaScript retrieved from a remote server. As a result, when visitors click on any area of an infected page, they are redirected to another arbitrary website of the attacker’s choice.

The disclosure comes weeks after Fortinet FortiGuard Labs detailed another botnet called GoTrim that’s designed to brute-force self-hosted websites using the WordPress content management system (CMS) to seize control of targeted systems. In June 2022, the GoDaddy-owned website security company shared information about a traffic direction system (TDS) known as Parrot that has been observed targeting WordPress sites with rogue JavaScript that drops additional malware onto hacked systems. Last month, Sucuri noted that more than 15,000 WordPress sites had been breached as part of a malicious campaign to redirect visitors to bogus Q&A portals. The number of active infections currently stands at 9,314. January 03, 2023, Bleeping Computer reports thirty security vulnerabilities in numerous outdated WordPress plugins and themes are being leveraged by a novel Linux malware to facilitate malicious JavaScript injections. Dr. Web reported that malware compromised both 32- and 64-bit Linux systems, and uses a set of successively running hardcoded exploits to compromise WordPress sites.

Outdated and vulnerable plugins and themes

It involves weaponizing a list of known security vulnerabilities in 19 different plugins and themes that are likely installed on a WordPress site. These infected themes or plugins prompt the malware to retrieve malicious JavaScript from its command-and-control server prior to script injection. The hacker can deploy an implant to target specific websites to expand the network for phishing and malvertising campaigns, as well as malware distribution initiatives.

Doctor Web revealed the targeted plugins and themes –

• WP Live Chat Support
• Yuzo Related Posts
• Yellow Pencil Visual CSS Style Editor
• Easy WP SMTP
• WP GDPR Compliance
• Newspaper (CVE-2016-10972)
• Thim Core
• Smart Google Code Inserter (discontinued as of January 28, 2022)
• Total Donations
• Post Custom Templates Lite
• WP Quick Booking Manager
• Live Chat with Messenger Customer Chat by Zotabox
• Blog Designer
• WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
• WP-Matomo Integration (WP-Piwik)
• ND Shortcodes
• WP Live Chat
• Coming Soon Page and Maintenance Mode
• Hybrid
• Brizy
• FV Flowplayer Video Player
• WooCommerce
• Coming Soon Page & Maintenance Mode
• Onetone
• Simple Fields
• Delucks SEO
• Poll, Survey, Form & Quiz Maker by OpinionStage
• Social Metrics Tracker
• WPeMatico RSS Feed Fetcher, and
• Rich Reviews

Technical experts always suggest keeping software (theme, plugins, third-party add-ons & WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress Hosting, as the provider monitors website security, takes regular backup, and always keep them up.

The companies like WordPress.com have got the expertise to protect hosted websites from cyber attacks, breaches, hacking, Identity and access management (IAM), Malware and Vulnerabilities, and Phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups which ensure business continuity. A secured website has a good online reputation, thus businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, & viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, asks for crucial security measures. Google penalises or blacklists malwarised or phishing websites.