More WordPress Plugins Hiding Backdoors

Threat actors are continuing to purchase WordPress plugins to add backdoor code to them for malicious purposes. Most recently, a threat actor added backdoor code to three old, abandoned plugins in order to insert content and links on affected sites via a remote server. Researchers believe that the code is being used to inject hidden search engine optimization (SEO) spam on affected sites to help improve the search engine ranking of other sites. Just last week, Wordfence experts determined a UK individual purchased and inserted backdoor code into several popular plugins, including Captcha and Display Widgets. Additionally, White Fir Design researchers recently determined that hundreds of WordPress sites are still running one of the 14 plugins that contained a similar SEO spam backdoor, three years after it was first reported. While WordPress has either removed or replaced some of the malicious plugins with clean versions, the NJCCIC recommends all WordPress website administrators review the linked reports above and verify that they have non-malicious versions of affected plugins installed.
