
Analysis of a Malicious WordPress Plugin: The Covert Redirector

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A malicious WordPress plugin named 'wordpress-player.php' has been discovered, affecting at least 26 websites. The plugin injects a hidden HTML5 video player and establishes a WebSocket connection to a command and control server. It redirects visitors to suspicious websites after 4-5 seconds, avoiding execution for logged-in users. The malware uses a fake 'WordPress Core' author name to evade detection. It impacts website integrity through unauthorized redirects, SEO degradation, and potential security risks to visitors. Mitigation steps include thorough scanning, malware removal, credential resets, software updates, and implementing a Web Application Firewall.
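The two static indicators named in the summary (the file name and the fake author string) can be checked across a plugins directory with a short script. This is an added example, not code from the original report; the function names and the sample tree are constructed for illustration, and the header regex is a simplified version of how WordPress reads plugin headers.

```python
import os
import re
import tempfile

# Indicators stated in the report summary above.
BAD_FILENAME = "wordpress-player.php"
FAKE_AUTHOR = "wordpress core"

# "Field: value" lines inside the leading comment block of a plugin file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Author):(.*)$", re.I | re.M)

def read_headers(path):
    """Return plugin header fields found in the first 8 KiB of a PHP file."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)
    return {k.lower(): v.strip(" \t*/\r") for k, v in HEADER_RE.findall(head)}

def scan_plugins(plugins_dir):
    """Walk a plugins directory and return [(relative_path, [reasons])]."""
    findings = []
    for base, _dirs, files in os.walk(plugins_dir):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(base, name)
            reasons = []
            if name.lower() == BAD_FILENAME:
                reasons.append("filename matches reported plugin")
            if read_headers(path).get("author", "").lower() == FAKE_AUTHOR:
                reasons.append("plugin header claims author 'WordPress Core'")
            if reasons:
                findings.append((os.path.relpath(path, plugins_dir), reasons))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: one benign plugin, two using the reported indicators."""
    samples = {
        "hello/hello.php": "<?php\n/*\nPlugin Name: Hello\nAuthor: Example Dev\n*/\n",
        "wp-player/wordpress-player.php":
            "<?php\n/*\n * Plugin Name: Player\n * Author: WordPress Core\n */\n",
        "cache/helper.php": "<?php\n// Author: WordPress Core\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reasons in scan_plugins(tmp):
            print(rel, "->", "; ".join(reasons))
```

Point `scan_plugins` at a site's `wp-content/plugins` directory; a hit is a lead for manual review, and a renamed copy will only be caught by the author check.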

OPENCTI LABELS:

c2, wordpress, plugin, seo, websocket, redirect, wordpress-player.php, website-integrity

