Malware Masquerades as Legitimate, Hidden WordPress Plugin with Remote Code Execution Capabilities

The Wordfence Threat Intelligence team recently discovered an interesting malware variant that appears in the file system as a normal WordPress plugin, containing a comment header, a handful of functions, and a simple admin interface. Like previous examples we have seen, this piece of malware contains code that keeps it hidden in the administrator dashboard. It has a password extraction feature, which requires configuration through its own admin interface; an AJAX-based remote code execution mechanism; and unfinished code suggesting it is still in development.

The post Malware Masquerades as Legitimate, Hidden WordPress Plugin with Remote Code Execution Capabilities appeared first on Wordfence.

This article has been indexed from Blog – Wordfence