Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor
Puja Srivastava Last month, we encountered a particularly interesting and complex malware case that stood out from the usual infections we see in compromised WordPress websites. At…
Search Results
wordpress
1134 posts
Malicious WordPress Plugin Creates Hidden Admin User Backdoor
Matt Morrow I recently wrote about a case where a malicious plugin was used to steal admin credentials. Here we will examine yet another malicious plugin that…
Analysis of a Malicious WordPress Plugin: The Covert Redirector
A few weeks ago, we received a support request from a website owner who was experiencing unexpected redirects. Visitors landed on the website normally, but…
Fake WordPress Caching Plugin Used to Steal Admin Credentials
A common trend we see is that bad actors will upload malicious plugins to WordPress sites. These plugins serve a wide variety of functions from…
Fake Java Update Popup Found in Malicious WordPress Plugin
We recently assisted a customer who reported a persistent and concerning “Java Update” pop-up appearing on their WordPress website. This type of deceptive notification is…
Another Fake Cloudflare Verification Targets WordPress Sites
Kayleigh Martin A new Cloudflare infection has once again been targeting WordPress sites. This new iteration of malware mimics a legitimate-looking Cloudflare verification page, which then tricks…
Ad-Jacked: Cybercriminals Inject Google Adsense into WordPress
Recently, we’ve encountered cases where WordPress websites were impacted by Google Adsense hijackers. Attackers inject advertisements and scripts that steal website resources and pump ad…
Credit Card Skimmer and Backdoor on WordPress E-commerce Site
The battle against e-commerce malware continues to intensify, with attackers deploying increasingly sophisticated tactics. In a recent case at Sucuri, a customer reported suspicious files…
Fake WordPress Plugin Impacts SEO by Injecting Casino Spam
Injecting malware via a fake WordPress plugin has been a common tactic of attackers for some time. This clever method is often used to bypass…
WordPress ClickFix Malware Causes Google Warnings and Infected Computers
Ben Martin Since December of last year there has been a new fake Google reCAPTCHA campaign making its way through the WordPress world. Very similar to malware…
Hidden Backdoors Uncovered in WordPress Malware Investigation
At Sucuri, we often encounter cases where malware is deeply embedded in websites, hidden in files and scripts that can easily escape detection. In this…