During a recent investigation, we discovered a sophisticated WordPress backdoor hidden in what appears to be a JavaScript data file. This malware automatically logs attackers into administrator accounts without requiring any credentials.
In September, we published an article showcasing another WordPress backdoor that creates admin accounts. This new variant takes a different approach by hijacking existing administrator sessions instead of creating new accounts, making it harder to detect through user audits.
What turned up during our review
The file was a PHP file disguised as a JavaScript asset, located in the WordPress wp-admin/js directory. Despite its appearance, its contents were entirely PHP.
Continue reading WordPress Auto-Login Backdoor Disguised as JavaScript Data File at Sucuri Blog.
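One way to hunt for this pattern is to flag anything in wp-admin/js that carries a PHP extension or contains a PHP open tag. This is an added example, not code from the original article; the function name, the extension list and the assumption that a stock WordPress install ships no PHP in that directory are ours.

```python
import os
import re
import sys

# Assumption: stock WordPress ships no PHP in wp-admin/js, so any hit deserves review.
# "<?xml" is deliberately not matched; only "<?php" and the "<?=" short echo tag are.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".php7", ".phar")


def scan_js_directory(js_dir, max_bytes=2_000_000):
    """Return sorted (relative_path, reason) pairs for files that look like PHP."""
    findings = []
    for root, _dirs, files in os.walk(js_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, js_dir)
            # A PHP-executable extension in a script asset directory is suspect by itself.
            if name.lower().endswith(PHP_EXTENSIONS):
                findings.append((rel, "php-extension"))
                continue
            try:
                with open(path, "rb") as handle:
                    data = handle.read(max_bytes)
            except OSError:
                # Unreadable files are reported rather than silently skipped.
                findings.append((rel, "unreadable"))
                continue
            # A .js/.json/.map file whose body contains a PHP open tag.
            if PHP_OPEN_TAG.search(data):
                findings.append((rel, "php-open-tag"))
    return findings if not findings else sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-admin/js"
    for rel, reason in scan_js_directory(target):
        print(f"{reason}\t{rel}")
```

A hit is a lead for manual review and comparison against a clean copy of the same WordPress version, not proof of compromise.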













