Fake WordPress SEO Plugin Provides Backdoor Access to Attackers


Researchers have found a fake WordPress plugin that targets WordPress sites. It is called WP-Base-SEO and is a forgery of the legitimate search engine optimisation plugin named WordPress SEO Tools, the security firm SiteLock said.

According to SiteLock, at first glance the file appears legitimate, including documentation of how it works and a reference to the WordPress plugin database. A closer look, however, reveals the plugin's malicious intent in the form of a base64-encoded PHP eval request.

eval is a PHP function that executes arbitrary PHP code and is frequently used for malicious purposes. It has been abused so much that php.net recommends against using it.


The malicious WP-Base-SEO plugin's directory holds two files. One is wp-sep.php, which uses different function and variable names depending on the install. The second is wp-seo-main.php, which uses native WordPress hook functionality to attach the above-mentioned eval request to the header of the website's theme.

With that in place, the attackers have backdoor access and can force sites to do whatever they desire.

“Some versions include an additional hook that runs after each page load. This means that anytime the theme is loaded in a browser, the request is initialized,” SiteLock notes in the report.
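The two-file layout described above suggests a simple per-plugin check: look for a base64-encoded eval anywhere in a plugin directory and see whether the same plugin also registers a theme-header hook. The sketch below is an added example, not SiteLock's tooling or code from the plugin; it assumes the header hook is `wp_head` registered through `add_action()`, also matches wrapped forms such as `eval(gzinflate(base64_decode(...)))` that the article does not mention, and runs on constructed fixture files.

```python
import re
import tempfile
from pathlib import Path

# eval(base64_decode(...)), allowing wrappers such as eval(gzinflate(base64_decode(...)))
EVAL_B64 = re.compile(r"\beval\s*\(\s*(?:\w+\s*\(\s*)*base64_decode\s*\(", re.I)
# Assumption: the "header" hook is wp_head, registered through add_action()
HEAD_HOOK = re.compile(r"\badd_action\s*\(\s*['\"]wp_head['\"]", re.I)

def scan_plugin(plugin_dir):
    """Return the PHP files in one plugin directory that match each signal."""
    hits = {"eval_b64": [], "head_hook": []}
    for path in sorted(Path(plugin_dir).rglob("*.php")):
        src = path.read_text(encoding="utf-8", errors="replace")
        if EVAL_B64.search(src):
            hits["eval_b64"].append(path.name)
        if HEAD_HOOK.search(src):
            hits["head_hook"].append(path.name)
    return hits

def verdict(hits):
    """Encoded eval is the primary signal; a header hook in the same plugin raises it."""
    if hits["eval_b64"] and hits["head_hook"]:
        return "backdoor-pattern"
    return "review" if hits["eval_b64"] else "clean"

# Constructed fixtures. The two file names are the ones the article gives; the directory
# names and PHP bodies are invented, and the base64 string decodes to "CONSTRUCTED".
SAMPLES = {
    "wp-base-seo/wp-sep.php": "<?php function a1(){ eval( base64_decode('Q09OU1RSVUNURUQ=') ); }",
    "wp-base-seo/wp-seo-main.php": "<?php add_action('wp_head', 'a1');",
    "benign-plugin/main.php": "<?php add_action('wp_head', 'print_meta_tags');",
}

def run_samples():
    """Write the fixtures to a temporary plugins directory and scan each plugin."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return {p.name: verdict(scan_plugin(p)) for p in sorted(Path(root).iterdir())}

if __name__ == "__main__":
    for plugin, result in run_samples().items():
        print(f"{plugin}: {result}")
```

A header hook on its own is normal plugin behaviour, which is why the benign fixture scores as clean; the encoded eval is what drives the result.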

You Can’t See It
