May 1, 03:21 PM

Fake WordPress Security Plugin Injects Backdoor, Enables Remote Code Execution and Causes AdSense Earnings Loss

A new malware threat has been identified targeting WordPress websites through a fake security plugin that grants attackers remote administrative access. This malicious plugin, disguised as an anti-malware tool, injects a backdoor into affected sites, enabling hackers to execute remote code, hijack websites, inject spam advertisements, steal credit card information, and even reinstall themselves if removed. Some victims have reported losing their own AdSense earnings as a result of this compromise. Cybersecurity experts have raised concerns about the growing use of such deceptive plugins to exploit WordPress platforms.

#WordPress #AdSense

Written with ChatGPT (GPT-4).

Sources

Nicolas Krassas@Dinosn
8 months ago
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers https://t.co/a09xIuWfms
Infosec Alevski 💻🕵️‍♂️@Alevskey
8 months ago
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers: https://t.co/fVhQ8m57WY by The Hacker News #infosec #cybersecurity #technology #news
The Hacker News@TheHackersNews
8 months ago
🛑 Hackers are disguising malware as security plugins to hijack sites, inject spammy ads, steal credit cards, & even re-install themselves if deleted. Some victims are unknowingly losing their own AdSense earnings. 💣 Features: Remote code execution, reverse proxy skimming, https://t.co/6itlXmnptH

Fake WordPress Security Plugin Injects Backdoor, Enables Remote Code Execution and Causes AdSense Earnings Loss

Sources

Additional media