Sucuri Discovers Fake WordPress Plugins Privately Mining Cryptocurrencies
The researchers of Sucuri just discovered a new threat that affects WordPress users. According to them, new malicious plugins for WordPress are appearing at a fast rate. These plugins are exploiting an issue by running the Linux binary code.
They get access to the computer of the person and then mine cryptos illegally. Most of the time, the victims do not even perceive that their computing power is being used until the criminals have already made a considerable amount of money from them. According to Sucuri, the plugins are also used as a way to maintain access to compromised servers, which are used for cryptojacking, too.
Most of the malware disguised as plugins are clones of software that are legitimate. However, a small part of them has been altered in a way that it makes easier for the hackers to invade the computer.
According to Sucuri, the hackers have been using several names for these fake plugins and they keep creating other ones so that more people will be fooled if the prior plugins are discovered. Some examples of plugins that contained malware were updrat123 and initiatorseo.
While all these plugins have different names, all of them are pretty similar to UpdraftPlus, a popular plugin used for backup and restore sites. This happened mainly for two reasons. It is easier to use something that already exists as a base and also to trick people into using it because they may mistake it for another piece of software.