Researchers have identified a new trojanized backdoor program that exploits multiple vulnerabilities in WordPress plug-ins and themes to breach websites based on the WordPress content management system. The flaws are being abused to execute an attack.
Threat actors have been using these tools for more than three years to carry out such attacks and monetize the resale of traffic, or arbitrage.
The Trojan’s version 1 variant abuses are WP Live Chat Support Plugin; Yellow Pencil Visual Theme Customizer Plugin; Easysmtp; WP GDPR Compliance Plugin; Google Code Inserter; Blog Designer WordPress Plugin; and WP Live Chat. Version 2 exploits other WordPress plugins, including Brizy WordPress Plugin; FV Flowplayer Video Player; WordPress Coming Soon Page; Poll, Survey, Form & Quiz Maker by OpinionStage; and Social Metrics Tracker.
WordPress plug-ins and themes are a popular avenue for cybercriminals looking to take over websites; they can be used for everything from phishing to ad fraud to malware distribution. Vulnerabilities are not uncommon.
This research was documented by experts from Doctor Web.