A newly discovered cyberattack is targeting WordPress websites by using a plugin that pretends to improve security but actually opens a backdoor for criminals. This fake plugin secretly gives attackers full control of affected sites.
How the Infection Begins
Security researchers at Wordfence found this malware while cleaning an infected website earlier this year. They noticed that a key WordPress system file named ‘wp-cron.php’ had been tampered with. This edited file was creating and activating a hidden plugin on its own, without the website owner’s permission.
This plugin has appeared under various names such as:
• wp-antymalwary-bot.php
• addons.php
• wpconsole.php
• wp-performance-booster.php
• scr.php
Even if the plugin is deleted manually, the altered ‘wp-cron.php’ file automatically brings it back the next time someone visits the website. This allows the malicious code to keep coming back.
How Hackers Might Be Gaining Entry
It’s still not clear how the hackers are getting into these websites in the first place. Experts believe they may be using stolen login credentials for hosting accounts or file transfer servic
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.