We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joomla plugin.
It was so well organized that at first we didn’t realize there was a backdoor even though we knew something was wrong. Here’s what the code of the plugin looks:
Nothing suspicious at first glance. Nothing is encrypted, nothing is obfuscated and no excessive comments. Just normal Joomla plugin code.