PHP Reinfector and Backdoor Malware Target WordPress Sites

We recently observed a surge in WordPress websites being infected by a sophisticated PHP reinfector and backdoor malware. While we initially believed that the infection was linked to the wpcode plugin, we found that several sites without this plugin were compromised as well. Upon deeper investigation, we discovered that this malware not only reinfects website files but also embeds malicious code into other plugins and database tables wp_posts and wp_options. One backdoor we uncovered in the ‘Imagify’ plugin on one website revealed how attackers maintain unauthorized access to these sites, further spreading the infection.

Continue reading PHP Reinfector and Backdoor Malware Target WordPress Sites at Sucuri Blog.