New Linux Malware Targets Plugins to Backdoor WordPress CMS Websites

Another day, another episode of the cybersecurity blues. And once again, WordPress has a starring role.

According to Bleeping Computer, a previously unknown Linux malware is exploiting over 30 vulnerabilities in outdated WordPress plugins and themes to inject malicious JavaScript.

The malware targets both 32-bit and 64-bit Linux systems. The trojan’s main function is to compromise WordPress sites by trying a set of hardcoded exploits, one after another, until one succeeds. The operator then has remote command capabilities.

WordPress holds the largest share of the global CMS market, with an estimated 43% of all websites powered by the open source platform. This makes it a big target for hackers, bad actors, and cybersecurity threats – and this is only the latest in a string of complex and nefarious attacks.

Using plugins and themes to control WordPress websites

There’s always a risk that any WordPress widget could be a ticking timebomb.

In 2022 alone, researchers found malicious plugins installed on over 25,000 WordPress websites. In most cases, the plugins were procured through legitimate marketplaces. Once added to a website, malware was injected by exploiting a vulnerability – much like this new Linux threat.

Thousands of WordPress websites may be affected by this threat. According to SC Media, once attacked, an infected site may be used for phishing and malvertising campaigns, as well as malware distribution initiatives.

It’s worth checking your WordPress instances to see if any of these affected plugins or themes are in use:

  • WP Live Chat Support Plugin
  • WordPress – Yuzo Related Posts
  • Yellow Pencil Visual Theme Customizer Plugin
  • Easysmtp
  • WP GDPR Compliance Plugin
  • Newspaper Theme on WordPress Access Control (CVE-2016-10972)
  • Thim Core
  • Google Code Inserter
  • Total Donations Plugin
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Facebook Live Chat by Zotabox
  • Blog Designer WordPress Plugin
  • WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • WordPress ND Shortcodes For Visual Composer
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrid
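
One way to run that check on a server, as an added example that is not from the article or from any WordPress tooling: it reads the "Plugin Name:" / "Theme Name:" header of everything under wp-content and compares it with the names listed above. The word-set matching and the noise-word list are assumptions; the article gives no affected versions, so each hit reports the installed version for manual review.

```python
import re
import sys
from pathlib import Path

# Names as printed in the article's list; matching on them is a heuristic.
WATCHLIST = [
    "WP Live Chat Support Plugin", "WordPress – Yuzo Related Posts",
    "Yellow Pencil Visual Theme Customizer Plugin", "Easysmtp",
    "WP GDPR Compliance Plugin", "Newspaper Theme on WordPress Access Control",
    "Thim Core", "Google Code Inserter", "Total Donations Plugin",
    "Post Custom Templates Lite", "WP Quick Booking Manager",
    "Facebook Live Chat by Zotabox", "Blog Designer WordPress Plugin",
    "WordPress Ultimate FAQ", "WP-Matomo Integration (WP-Piwik)",
    "WordPress ND Shortcodes For Visual Composer", "WP Live Chat",
    "Coming Soon Page and Maintenance Mode", "Hybrid",
]
# Generic or descriptive words ignored on both sides of the comparison (assumption).
NOISE = {"plugin", "wordpress", "theme", "on", "access", "control"}
# WordPress reads "Plugin Name:" / "Theme Name:" / "Version:" from a leading comment.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Theme Name|Version):(.*)$", re.M | re.I)

def tokens(name):
    """Lowercase word set with noise words removed."""
    return set(re.findall(r"[a-z0-9]+", name.lower())) - NOISE

def read_header(path):
    """Parse header fields from the first 8 KiB, keeping the first value per key."""
    text = path.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value.strip(" \t\r*/"))
    return fields

def scan(wp_root):
    """Return (file, installed name, version, watchlist entry) for each match."""
    content = Path(wp_root) / "wp-content"
    files = [*content.glob("plugins/*.php"), *content.glob("plugins/*/*.php"),
             *content.glob("themes/*/style.css")]
    hits = []
    for f in sorted(files):
        h = read_header(f)
        name = h.get("plugin name") or h.get("theme name") or ""
        for watched in WATCHLIST:
            if tokens(watched) <= tokens(name):
                hits.append((f.relative_to(wp_root).as_posix(), name,
                             h.get("version", "?"), watched))
    return hits

if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(" | ".join(hit))
```

Run it with the WordPress root directory as the only argument. A listed name whose wording differs from the installed header text will not match and still needs a manual look.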

Combatting an evolving landscape of security threats

With hundreds of millions of active websites across the globe, hackers are having a field day.

According to Security Magazine, cyberattacks are on the rise and becoming more sophisticated by the day. Among the top threats in 2022, malware led the pack, representing the highest cost of damage to organizations.  

WordPress, as mentioned, continues to be a growing vector. Case in point: The Hacker News recently reported on another GoTrim botnet attack that targeted WordPress website administrator accounts. Botnet malware can bypass traditional anti-bot protections, leaving sites even more exposed to standard bot-evasion techniques.

But all is not lost. WordPress CMS administrators can fight back by adopting solid policies around their security practices. By vetting all plugin source code via an experienced DevSecOps team, many vulnerabilities can be uncovered before a plugin is pushed to production. This can augment strong password policies and the use of multi-factor authentication to reduce the surface area for would-be attackers.

WordPress websites can also be hosted in more secure environments like WP Engine, which disallow certain plugins and themes due to security or performance issues.