A PHP backdoor has been injected by a hacker inside the source code of a Wordpress plugin named “X-WP-SPAM-SHIELD-PRO”. Wordpress is the most popular CMS with largest market share by far (more than 27% of the internet). The fake plugin has been discovered by Sucuri researchers, the plugin was not available on the official WordPress Plugins repository, victims installed it through other sources.
According to Sucuri:
“Recently, a fake WordPress security plugin called X-WP-SPAM-SHIELD-PRO got our attention. Fake plugins often have a few folders and plugin names that appear legitimate, but the contents include a malicious file that contains a backdoor or similar malware.”
Users who installed the fake security plugin (X-WP-SPAM-SHIELD-PRO) were shocked because the backdoor enabled the attacker to generate his own admin account on the affected site, upload malicious files on the victim’s servers, disable other plugins, and much more.
Remember that not all security plugins are secure. By downloading fake plugins from untrusted sources or leaving your website vulnerable, you are placing your website at a great risk.