PHP Reinfector and Backdoor Malware Target WordPress Sites

Published 14/11/2024 03:18 · Modified 14/11/2024 08:59

Essential information

Tags
2024-11-14 backdoor backdoor malware cron system database manipulation obfuscation persistent threat php php reinfector plugin infection reinfector vextrio wordpress
Related entities
10 techniques (mitre), 2 malware

Description

A sophisticated PHP reinfector and backdoor malware is targeting WordPress websites, infecting plugin files and database tables. The malware reinfects active plugins, manipulates the wp_options and wp_posts tables, and creates malicious admin users. It uses WordPress's cron system to maintain control and injects third-party scripts for scam redirects. The infection mechanism goes beyond the WPCode plugin, affecting sites without it installed. The malware employs various techniques to evade detection, including function obfuscation and deactivating security plugins. It also includes a backdoor for remote code execution. This emphasizes the need for regular site monitoring, updates, and professional security measures to prevent and address infections effectively.

External references