A new malware threat has been identified targeting WordPress websites through a fake security plugin that grants attackers remote administrative access. This malicious plugin, disguised as an anti-malware tool, injects a backdoor into affected sites, enabling hackers to execute remote code, hijack websites, inject spam advertisements, steal credit card information, and even reinstall themselves if removed. Some victims have reported losing their own AdSense earnings as a result of this compromise. Cybersecurity experts have raised concerns about the growing use of such deceptive plugins to exploit WordPress platforms.