PHP Reinfector and Backdoor Malware Target WordPress Sites
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A sophisticated PHP reinfector and backdoor malware is targeting WordPress websites, infecting plugin files and database tables. The malware reinfects active plugins, manipulates wp_options and wp_posts tables, and creates malicious admin users. It utilizes WordPress's cron system to maintain control and injects third-party scripts for VexTrio scam redirects. The infection mechanism goes beyond the WPCode plugin, affecting sites without it installed. The malware employs various techniques to evade detection, including function obfuscation and deactivating security plugins. It also includes a backdoor for remote code execution. This persistent threat emphasizes the need for regular site monitoring, updates, and professional security measures to prevent and address infections effectively.
OPENCTI LABELS:
backdoor,obfuscation,wordpress,php,database manipulation,vextrio,backdoor malware,persistent threat,php reinfector,plugin infection,reinfector,cron system