Global CyberSecurity

Fake WordPress Functions Conceal assert() Backdoor


Last Updated on 12/08/2020 by OTC

A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.

Among 246 other lines, this very specific part stood out to me:

$config = wp_dbase_config_init(‘_as_sert’);

For those readers familiar with PHP functions commonly misused by hackers, you may have already spotted _as_sert as something suspicious.

Since it resembles the assert() function, letโ€™s check the PHP definition of the function:

bool assert ( mixed $assertion [, string $description ] )
assert() will check the given assertion and take appropriate action if its result is FALSE.

Continue reading Fake WordPress Functions Conceal assert() Backdoor at Sucuri Blog.

An SEO’s Experience in 2020: Opportunities and Challenges

Previous article

Hellenic Navyโ€™s New Frigates Program: The frantic search for a new โ€œAVEROFโ€

Next article

You may also like


Comments are closed.