Hidden Malware Strikes Again: Mu-Plugins Under Attack

At Sucuri, our security researchers continually monitor for new malware variants and infection techniques targeting WordPress websites. Recently, we’ve uncovered multiple cases where threat actors are leveraging the mu-plugins directory to hide malicious code. This approach represents a concerning trend, as the mu-plugins (Must-Use plugins) are not listed in the standard WordPress plugin interface, making them less noticeable and easier for  users to  ignore during routine security checks.

What Was Discovered

Two different cases of malware emerged in the mu-plugins directory, both utilizing different methods to compromise WordPress sites:

1. Fake Update Redirect Malware: Detected in the file wp-content/mu-plugins/redirect.php, this malware redirected site visitors to an external malicious website.

Continue reading Hidden Malware Strikes Again: Mu-Plugins Under Attack at Sucuri Blog.