Global CyberSecurity

Malicious Redirects Through Bogus Plugin

By OTC 06/17/2021

Post Views: 677

Last Updated on 06/17/2021 by OTC

Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious websites.

The payload is the following bogus plugin located here:

./wp-content/plugins/plugs/plugs.php

At first glance these appear to be very unorthodox domains:

hxxp://xn--o1aofd[.]xn--p1ai

hxxp://xn--80ady8a[.]xn--p1ai

hxxp://xn--80adzf[.]xn--p1ai

hxxp://xn--g1aey4a[.]xn--p1ai

hxxp://xn--g1asqf[.]xn--p1ai

hxxp://xn--i1abh6c[.]xn--p1ai

However, they are using what is known as “punycode”, where everything after the xn-- is unicode.

Continue reading Malicious Redirects Through Bogus Plugin at Sucuri Blog.

Comments

Comments are closed.

More in Global CyberSecurity

Global CyberSecurity

Web Shells: Types, Mitigation & Removal

By OTC04/08/2024

Global CyberSecurity

Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS

By OTC04/02/2024

Global CyberSecurity

WordPress Vulnerability & Patch Roundup March 2024

By OTC03/25/2024

error: Content is protected !!

Malicious Redirects Through Bogus Plugin

8 Experts Weigh in on the Past, Present, and Future Evolution of Link Building

How to Make Newsworthy Content

Comments

More in Global CyberSecurity

Web Shells: Types, Mitigation & Removal

Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS

WordPress Vulnerability & Patch Roundup March 2024

Cyber-Space

WordPress Maintenance: Tasks & Best Practices

Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker

Web Shells: Types, Mitigation & Removal

Social EYK

PHMC GPE – WebLog

8 Experts Weigh in on the Past, Present, and Future Evolution of Link Building

How to Make Newsworthy Content

You may also like

Comments

More in Global CyberSecurity

Cyber-Space

Social EYK

PHMC GPE – WebLog