A sophisticated multi-stage malware campaign has been discovered targeting WordPress websites, employing an intricate infection chain that delivers Windows trojans to unsuspecting visitors while maintaining complete invisibility to standard security checks. This campaign highlights the increasing sophistication of WordPress-based malware delivery systems and underscores the critical need for comprehensive security monitoring beyond traditional signature-based detection methods.

Unlike traditional malware infections that often display visible defacements or suspicious redirects, this campaign operates entirely beneath the surface, making detection extremely challenging for website administrators and security tools alike. The malware represents a significant evolution in web-based attack techniques, combining PHP backdoors with advanced evasion mechanisms to establish persistent access to victim systems.

The malware's payload delivery system demonstrates remarkable technical sophistication through its dynamic batch file generation capabilities. When a new victim is identified, header.php constructs a Windows batch script that orchestrates the complete infection process. Upon execution, the generated batch script modifies the Windows Registry by adding an entry to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, ensuring the trojan client32.exe automatically launches during system startup. The final payload establishes a backdoor connection to the command and control server at 5.252.178.123 on port 443, enabling remote access capabilities typical of advanced persistent threats.
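The two host-side artifacts the article describes, the HKCU Run key entry for client32.exe and the outbound connection to 5.252.178.123:443, are exactly what a responder would sweep for on a Windows endpoint that visited a compromised site. The following script is an added example, not code from the article or from the campaign itself: it parses a `reg export` of the Run key and `netstat -ano` style output and flags entries matching the article's indicators. The indicator values come from the article; the registry export and connection table are constructed sample data, and the .reg parser is a simplified one that handles only string values (REG_SZ).

```python
import re
from typing import Dict, List, Tuple

# Indicators taken from the article.
C2_IP = "5.252.178.123"
C2_PORT = 443
TROJAN_NAME = "client32.exe"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample: what `reg export` of the Run key looks like. Backslashes
# and embedded quotes are escaped with a backslash in the .reg file format.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\client32.exe"
"""

# Constructed sample: `netstat -ano` output with one benign and two C2 sessions.
SAMPLE_CONNECTIONS = """  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     13.107.42.14:443       ESTABLISHED     4412
  TCP    192.168.1.20:49801     5.252.178.123:443      ESTABLISHED     5120
  TCP    192.168.1.20:49802     5.252.178.123:8080     TIME_WAIT       5120
"""

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> \"."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_entries(reg_text: str) -> List[Dict[str, str]]:
    """Return the string values found under any ...\\Run key in a .reg export."""
    entries, current_key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if not m or not current_key.lower().endswith("\\run"):
            continue
        name, raw = _unescape(m.group(1)), m.group(2)
        # Only REG_SZ values ("...") are commands; skip hex:/dword: data.
        if raw.startswith('"') and raw.endswith('"'):
            entries.append({"key": current_key, "name": name,
                            "command": _unescape(raw[1:-1])})
    return entries


def flag_run_entries(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Rate each autorun entry: known trojan name is high, user-writable path is low."""
    findings = []
    for e in entries:
        cmd = e["command"].lower()
        if TROJAN_NAME in cmd:
            findings.append(("high", e["name"],
                             f"autorun launches known trojan filename {TROJAN_NAME}"))
        elif re.search(r"\\(appdata|temp|programdata)\\", cmd):
            # Legitimate software (e.g. OneDrive) also autoruns from AppData,
            # so this is a review item rather than a verdict.
            findings.append(("low", e["name"],
                             "autorun executable lives in a user-writable directory"))
    return findings


_CONN_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def find_c2_connections(netstat_text: str) -> List[Dict[str, object]]:
    """Return every TCP session whose foreign address is the article's C2 IP."""
    hits = []
    for line in netstat_text.splitlines():
        m = _CONN_RE.match(line)
        if not m:
            continue
        ip, port = m.group(2).rsplit(":", 1)
        if ip == C2_IP:
            hits.append({"pid": int(m.group(4)), "ip": ip, "port": int(port),
                         "state": m.group(3),
                         "expected_port": int(port) == C2_PORT})
    return hits


if __name__ == "__main__":
    for sev, name, why in flag_run_entries(parse_run_entries(SAMPLE_REG_EXPORT)):
        print(f"[{sev.upper()}] Run value '{name}': {why}")
    for c in find_c2_connections(SAMPLE_CONNECTIONS):
        print(f"[HIGH] PID {c['pid']} -> {c['ip']}:{c['port']} ({c['state']})")
```

On a live host the two inputs would come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` and `netstat -ano`; the PID from a C2 hit is the process to capture before remediation, and the Run value name (which the attacker chooses, so it will not be "Updater" in practice) is why the check keys on the executable name and path rather than the value name.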
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 01 Jul 2025 14:40:18 +0000