X-WP-SPAM-SHIELD-PRO WordPress Plugin Installs Backdoor on WordPress-Powered Websites
Sucuri researchers recently discovered that the WordPress plugin X-WP-SPAM-SHIELD-PRO contains code for a PHP backdoor that allows the plugin developer to create administrator accounts on websites using the plugin, upload files onto associated servers and run them, and disable other plugins. It is believed that the developer attempted to fool WordPress administrators into installing the malicious plugin by masquerading as the legitimate anti-spam plugin WP-SpamShield Anti-Spam. Although this plugin was not available through the official WordPress Plugins repository, it was available through unofficial sources. The NJCCIC recommends users and administrators of WordPress websites currently using the X-WP-SPAM-SHIELD-PRO plugin read the Sucuri blog and promptly uninstall it from their websites, re-enable any plugins disabled by the malicious plugin, and examine associated servers for unauthorized file uploads or installations, deleting any instance as soon as possible.
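
A filesystem triage script for the checks recommended above, added here as an example and not taken from the NJCCIC advisory or the Sucuri write-up: it looks for a plugin folder named after the malicious plugin, PHP files inside the uploads directory, and recently modified PHP files. The folder-name match, the function names and the 30-day default window are assumptions; `wp-content/plugins` and `wp-content/uploads` are WordPress's default locations.

```shell
#!/bin/sh
# Added example (not from the advisory). Usage after sourcing this file:
#   audit_wp /path/to/wordpress 30
# Assumption: the malicious plugin's folder name contains the plugin name.
PLUGIN_PATTERN='*x-wp-spam-shield-pro*'

# Print plugin folders whose name matches the malicious plugin (case-insensitive).
find_suspect_plugin() {
    [ -d "$1/wp-content/plugins" ] || return 0
    find "$1/wp-content/plugins" -mindepth 1 -maxdepth 1 -type d \
        -iname "$PLUGIN_PATTERN"
}

# Print PHP-type files under uploads, which normally holds media only.
find_upload_scripts() {
    [ -d "$1/wp-content/uploads" ] || return 0
    find "$1/wp-content/uploads" -type f \( -iname '*.php' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.php[0-9]' \)
}

# Print PHP files under wp-content modified within the last N days
# (default 30), as candidates for files dropped through the backdoor.
find_recent_php() {
    [ -d "$1/wp-content" ] || return 0
    find "$1/wp-content" -type f -iname '*.php' -mtime "-${2:-30}"
}

# Run all three checks and print a report.
# Exit status: 0 = nothing found, 1 = at least one finding to review.
audit_wp() (
    status=0
    hits=$(find_suspect_plugin "$1")
    [ -z "$hits" ] || { printf 'Malicious plugin folder:\n%s\n' "$hits"; status=1; }
    hits=$(find_upload_scripts "$1")
    [ -z "$hits" ] || { printf 'PHP files in uploads:\n%s\n' "$hits"; status=1; }
    hits=$(find_recent_php "$1" "${2:-30}")
    [ -z "$hits" ] || { printf 'Recently modified PHP:\n%s\n' "$hits"; status=1; }
    exit "$status"
)
```

Recently modified PHP files also include legitimate plugin and theme updates, so that list is a starting point for review rather than a verdict. Administrator accounts and plugin activation state are stored in the database and have to be reviewed separately, for example in the WordPress dashboard.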