Linux Malware Exploits 30 Vulnerabilities To Target WordPress Websites

Heads up, WordPress admins! Researchers have warned users of a new Linux malware that targets WordPress websites with malicious JavaScript. The malware exploits 30 vulnerabilities in different WordPress themes and plugins to accomplish the goal.

Linux Malware Targeting WordPress Websites

According to Doctor Web, a new Linux malware has surfaced online, actively targeting WordPress websites. Identified as Linux.BackDoor.WordPressExploit.1, the malware targets both 32-bit and 64-bit Linux versions.

As the identification hints, the malware basically serves as a backdoor for the attackers to gain access to the target sites. The malware exploits 30 vulnerabilities across various WordPress plugins and themes to infiltrate a website. That means the WordPress-based sites running the vulnerable plugins are typically at risk of this backdoor infection. These include,

  • WP Live Chat Support Plugin
  • Easysmtp
  • WordPress – Yuzo Related Posts
  • WP GDPR Compliance Plugin
  • Yellow Pencil Visual Theme Customizer Plugin
  • Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972)
  • Google Code Inserter
  • Total Donations Plugin
  • Thim Core
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Blog Designer WordPress Plugin
  • Faceboor Live Chat by Zotabox
  • WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233)
  • WordPress ND Shortcodes For Visual Composer
  • WP-Matomo Integration (WP-Piwik)
  • WP Live Chat
  • Hybrid
  • Coming Soon Page and Maintenance Mode

The malware first exploits vulnerabilities in these plugins (where found), then allows the attacker to infect the target site with malicious JavaScript codes. These malicious scripts redirect website visitors to attackers’ sites. That means this Linux malware serves as a potent tool for executing successful phishing attacks.

Besides attacking the site, the attackers may command the malware to pause action logging, switch to standby mode, or even shut down.

Doctor Web also highlighted another variant, Linux.BackDoor.WordPressExploit.2, that exploits more vulnerabilities in the following plugins.

  • WooCommerce
  • WordPress Coming Soon Page
  • Brizy WordPress Plugin
  • FV Flowplayer Video Player
  • WordPress theme OneTone
  • Simple Fields WordPress Plugin
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • WordPress Delucks SEO plugin
  • Social Metrics Tracker
  • Rich Reviews plugin
  • WPeMatico RSS Feed Fetcher

Watch Out for This Malware

Elaborating on the details in their post, team Doctor Web has urged all WordPress admins to remain vigilant regarding their sites’ security. Specifically, users must ensure keeping their sites up-to-date with the latest themes, plugins, and CMS versions.

Moreover, this backdoor can also hijack websites’ admin accounts, which means infected websites may remain compromised even after updating to the patched theme/plugin versions. Hence, users must ensure setting up strong login credentials for all associated user accounts.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients