WordPress plugin has a hidden crypto miner
The popular website builder has a virus
WordPress is probably the most famous tool for building websites, free or paid. There are tens of thousands of templates that make it easy to create a site in a matter of minutes, but there may also be an issue lurking in the shadows that users don’t know about. According to a security firm, there is a plugin for WordPress sites that is actually a hidden cryptocurrency miner and can begin operating without the user ever knowing it.
Cybersecurity company Sucuri found the malicious plugin last month, hiding as a clone of the “wpframework” file. It allows a hacker to “gain and maintain unauthorized access to the site environment” and, once installed, checks whether the server has any disabled functions. It then looks for the system, exec and passthru functions as it hunts for a way to execute commands at the server level.
The company explains, “While most backdoors typically only care about PHP execution, the following part of the code explains why this plugin wants to execute server commands. When the plugin downloads, it changes permissions and runs a Linux executable binary file (64 or 32-bit version).”
It continues, “What is especially concerning about this particular fake plugin is that it can be easily used to just run just about any code through the eval function. The good news is that monitoring for changes to the active plugins on your website and unauthorized access is a good way to mitigate risk and prevent this from happening. The Sucuri Security WordPress plugin can accomplish this with its monitoring and hardening features. Using a web application firewall can also prevent most attacks and further restrict unauthorized access to the WordPress administrator dashboard.”
Web designers need to check their systems for the file, and novice users need to be careful about which plugins they download. Only reputable sources should be used, and extra caution should be given to which applications are included in downloaded libraries.
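One way to do the plugin-change monitoring described above, as an added example that is not Sucuri's code or part of the original article: snapshot the plugins directory, report files that appear or change, and flag new PHP files that call the functions the article names. The function names, the plugin tree and the file contents in demo() are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Function names the article says the fake plugin looks for or uses.
RISKY_CALLS = re.compile(r"\b(eval|system|exec|passthru)\s*\(")

def snapshot(plugins_dir):
    """Map every file under plugins_dir (relative, '/'-separated) to its SHA-256."""
    root = Path(plugins_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def diff(baseline, current):
    """Report files added, removed or modified since the baseline snapshot."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in shared if baseline[p] != current[p]),
    }

def risky_calls(plugins_dir, rel_paths):
    """For the given PHP files, list which of the named functions they call."""
    hits = {}
    for rel in rel_paths:
        if rel.endswith(".php"):
            text = (Path(plugins_dir) / rel).read_text(encoding="utf-8", errors="replace")
            found = sorted(set(RISKY_CALLS.findall(text)))
            if found:
                hits[rel] = found
    return hits

def demo():
    """Constructed plugin tree: one known plugin, then an unexpected one appears."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "contact-form").mkdir()
        (root / "contact-form/contact-form.php").write_text("<?php // constructed benign plugin\n")
        baseline = snapshot(root)  # taken while the site is known to be clean
        (root / "wpframework").mkdir()
        (root / "wpframework/wpframework.php").write_text(
            "<?php if (function_exists('exec')) { exec($c); } eval($p);\n")  # inert sample
        report = diff(baseline, snapshot(root))
        return report, risky_calls(root, report["added"] + report["changed"])

if __name__ == "__main__":
    print(demo())
```

A hit from risky_calls is a reason to review the file, not proof of compromise, since legitimate plugins sometimes call these functions too; the unexpected "added" entry is the stronger signal.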