PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users.
The Download Plugin link redirects the victim to a convincing fake landing page at en-gb-wordpress[.
It then sends the site URL and generated password for this user back to a C2 domain: wpgate[.
The malicious plugin also includes functionality to ensure that this user remains hidden.
It downloads a separate backdoor from wpgate[.
Zip and saves it with a filename of wp-autoload.php in the webroot.
This allows attackers to maintain persistence through multiple forms of access, granting them full control over the WordPress site as well as the web user account on the server.
In today's PSA, we warned of a phishing campaign targeting WordPress users intended to trick victims into installing a malicious backdoor plugin on their site.
Our telemetry indicates that no Wordfence users are currently infected, and we have added the malicious administrator user to our known malicious usernames.
We are currently in the process of testing malware signatures to detect both the malicious plugin and the separate backdoor, which will be released to Wordfence Premium, Wordfence Care, Wordfence Response, and paid Wordfence CLI users as soon as possible.
Wordfence free users will receive the same signatures 30 days later.
We will release a deep-dive analysis of the malicious plugin and separate wp-autoload.php backdoor in a future post.
For the time being, be on the lookout for this phishing email and do not click any links, including the Unsubscribe link, or install the plugin on your site.
If you have friends or acquaintances with WordPress sites, please forward this advisory to them to ensure that they do not install this malicious plugin.


This Cyber News was published on packetstormsecurity.com. Publication date: Mon, 04 Dec 2023 13:43:04 +0000


Cyber News related to PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin - The Wordfence Threat Intelligence Team has recently been informed of a phishing campaign targeting WordPress users. The Download Plugin link redirects the victim to a convincing fake landing page at en-gb-wordpress[. It then sends the site URL and ...
11 months ago Packetstormsecurity.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
9 months ago Techrepublic.com
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
8 months ago Securityboulevard.com
New Phishing Scam Hooks META Businesses with Trademark Threats - The phishing scam falsely asserts that the victim's Facebook page will be permanently deleted due to a post allegedly infringing on trademark rights. There is no actual infringement; it's all part of the scammer's malicious plan. In a recent wave of ...
10 months ago Hackread.com
Check Point Research Unfolds: Navigating the Deceptive Waters: Unmasking A Sophisticated Ongoing NFT Airdrop Scam - Sophisticated Scam Targeting Token Holders: Over 100 popular projects' token holders targeted with fake NFT airdrops appearing from reputable sources. Multi-Stage Deception Uncovered: The ongoing Scam involves enticing victims to fraudulent websites ...
10 months ago Blog.checkpoint.com
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores - giving them greater apparent validity to ...
1 year ago Securityweek.com
Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
11 months ago Bleepingcomputer.com
Watch out for "I can't believe he is gone" Facebook phishing posts - This phishing attack is ongoing and widely spread on Facebook through friend's hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform. As the posts come from your friends' ...
10 months ago Bleepingcomputer.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
11 months ago Hackread.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
Fake browser updates spread updated WarmCookie malware - The latest campaign was discovered by researchers at Gen Threat Labs, who observed the WarmCookie backdoor being distributed as fake Google Chrome, Mozilla Firefox, Microsoft Edge, and Java updates. FakeUpdate is a cyberattack strategy used by a ...
1 month ago Bleepingcomputer.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
10 months ago Helpnetsecurity.com
Best of 2023: Why is everyone getting hacked on Facebook? - Importantly, phishing relies on the victim trusting the scammer and taking an action - like clicking a link or sending bank account information - in order for the scammer to get what they want. It's not your imagination - social media scams really ...
10 months ago Securityboulevard.com
Cyber Crime Wave: Chinese Scammers Target Europe with Fake Designer Brands - In the last couple of weeks, there has been an increase in the number of people who have been duped into sharing their card details and other personal information with a network of fake online designer shops that are operated from China, which appear ...
6 months ago Cysecurity.news
Is that survey real or fake? How to spot a survey scam - Online surveys and quizzes are all over the internet. They're quick and cheap to set up, easy for recipients to fill out, and simple for researchers to interpret. It's no wonder that they remain a popular tool for marketers to reach and research ...
1 year ago Welivesecurity.com
Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores - Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. These apps, found on Apple’s App Store and Google Play, and on phishing sites, are part of a Pig Butchering scam targeting cryptocurrency investors ...
1 month ago Hackread.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
9 months ago Gbhackers.com
Fake Recruiters Defraud Facebook Users via Remote Work Offers - A fresh wave of job scams is spreading on Meta's Facebook platform that aims to lure users with offers for remote-home positions and ultimately defraud them by stealing their personal data and banking credentials. The attackers dangle offers of ...
10 months ago Darkreading.com
Massive utility scam campaign spreads via online ads - When customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they ...
9 months ago Malwarebytes.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
5 months ago Hackread.com
Over 800 Phony "Temu" Domains Lure Shoppers into Credential Theft - Stay alert against Temu phishing scams: Cybersecurity experts warn of scammers using fake giveaways to steal credentials. Over 800 new 'Temu' domains registered in the past 3 months. Temu is the latest brand chosen by scammers for their phishing ...
9 months ago Hackread.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
6 months ago Hackread.com
The Fake Browser Update Scam Gets a Makeover - One of the oldest malware tricks in the book - hacked websites claiming visitors need to update their Web browser before they can view any content - has roared back to life in the past few months. New research shows the attackers behind one such ...
11 months ago Krebsonsecurity.com
7 Months Inside an Online Scam Labor Camp - He had been kidnapped and forced to work for an abusive online scam operation. A man was abducted by a Chinese gang and forced to work in a scam operation. More than anything else, Neo Lu, a 28-year-old Chinese office worker, believed the gig would ...
11 months ago Nytimes.com
US court docs expose fake antivirus renewal phishing tactics - In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails. The now-executed seizure warrant was submitted by Special Agent Jollif of the United States ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)