By Recently at Sucuri, we investigated a malware case reported by one of our clients. Their WordPress site was compromised, and the attacker had installed a fake plugin. Upon analysis revealed that it was a sophisticated backdoor plugin designed to create a persistent and hidden administrator account.
What Did We Find?
The infection was located inside the WordPress plugins directory:
./wp-content/plugins/wp-compat/wp-compat.php
The plugin claimed to fix compatibility issues with newer WordPress and PHP versions.
Continue reading Unauthorized Admin User Created via Disguised WordPress Plugin at Sucuri Blog.
Comments