Fake Spam Plugin Uses Victim’s Domain Name to Evade Detection

During our investigation of an SEO spam infection (spam content designed to manipulate search engine results), we discovered a nicely crafted plugin that named itself after the infected domain, helping it evade detection. While this tactic was simple, it easily blended in with other legitimate plugins, making it harder to spot during the troubleshooting process.

The plugin was designed to appear harmless, with a folder name that mimicked the site’s domain. This unique customization made the plugin easy to overlook, as it appeared to be a legitimate component made specifically for the site.

Continue reading Fake Spam Plugin Uses Victim’s Domain Name to Evade Detection at Sucuri Blog.