Russian anti-virus provider Dr. Web published an article last December 30 detailing Linux malware that attacks WordPress sites. The strain can exploit over a dozen plugins and themes, allowing it to compromise vulnerable WordPress-based systems.

According to the report, WordPress sites using outdated versions of the add-ons may lack the necessary security patches to defend themselves from an attack. 

The Linux malware is said to perform the following malicious activities: 

  • Attack a targeted web page
  • Switch to standby mode
  • Shut itself down
  • Put activity-logging on hold

The Linux Malware Infection Process

The article discusses in detail how the Linux malware takes advantage of outdated WordPress plugins. 

  1. Once the malware identifies a vulnerability in one of the outdated plugins, it injects a specific page with malicious JavaScript that is downloaded from a remote server.
  2. When the infected page is loaded, that JavaScript runs. Users who click anywhere on the page are then redirected to another site that the attackers use for phishing, malvertising, or malware distribution.

Dr. Web also identified a second version of the backdoor that expands the list of affected outdated plugins and themes, bringing the total to 30. Here’s the complete list of targeted themes and plugins for reference:

  • WP Live Chat Support
  • Yuzo Related Posts
  • Yellow Pencil Visual CSS Style Editor
  • Easy WP SMTP
  • WP GDPR Compliance
  • Newspaper (CVE-2016-10972)
  • Thim Core
  • Smart Google Code Inserter (discontinued as of January 28, 2022)
  • Total Donations
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Live Chat with Messenger Customer Chat by Zotabox
  • Blog Designer
  • WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • ND Shortcodes
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrid
  • Brizy
  • FV Flowplayer Video Player
  • WooCommerce
  • Coming Soon Page & Maintenance Mode
  • Onetone
  • Simple Fields
  • Delucks SEO
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher
  • Rich Reviews

If you use WordPress as a CMS, it is crucial that you audit your add-ons and ensure each and every one of them is updated to avoid falling victim to Linux malware. 
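One way to start that audit, as an added example that is not code from Dr. Web or from this article: the script reads the WordPress header of every installed plugin and theme and reports those whose display name is on the list above, with the installed version so it can be compared against the vendor's current release. It assumes the standard `wp-content/plugins` and `wp-content/themes` layout and that the installed header names match the names as written here; a hit means the add-on is on the list, not that the installed version is vulnerable.

```python
import re
import sys
import tempfile
from pathlib import Path

# Names from the article's list (CVE and discontinuation notes dropped).
TARGETED = """WP Live Chat Support; Yuzo Related Posts; Easy WP SMTP; WP GDPR Compliance;
Yellow Pencil Visual CSS Style Editor; Newspaper; Thim Core; Smart Google Code Inserter;
Total Donations; Post Custom Templates Lite; WP Quick Booking Manager; Blog Designer;
Live Chat with Messenger Customer Chat by Zotabox; WordPress Ultimate FAQ; ND Shortcodes;
WP-Matomo Integration (WP-Piwik); WP Live Chat; Coming Soon Page and Maintenance Mode;
Hybrid; Brizy; FV Flowplayer Video Player; WooCommerce; Onetone; Simple Fields;
Delucks SEO; Poll, Survey, Form & Quiz Maker by OpinionStage; Social Metrics Tracker;
WPeMatico RSS Feed Fetcher; Rich Reviews"""

def norm(name):
    """Case-fold, read '&' as 'and', drop punctuation and spaces."""
    return re.sub(r"[^a-z0-9]", "", name.lower().replace("&", "and"))

TARGETED_KEYS = {norm(n) for n in TARGETED.split(";")}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Theme Name|Version):(.*)$", re.I | re.M)

def read_header(path):
    """Parse header fields from the first 8 KiB, the part WordPress itself reads."""
    text = path.read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value.strip(" \t*/\r"))
    return fields

def audit(wp_content):
    """Return sorted (kind, name, version) tuples for installed add-ons on the list."""
    root, hits = Path(wp_content), set()
    files = [("plugin", f) for pat in ("plugins/*/*.php", "plugins/*.php") for f in root.glob(pat)]
    files += [("theme", f) for f in root.glob("themes/*/style.css")]
    for kind, path in files:
        header = read_header(path)
        name = header.get(kind + " name")
        if name and norm(name) in TARGETED_KEYS:
            hits.add((kind, name, header.get("version", "unknown")))
    return sorted(hits)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # constructed sample tree, not real data
        plugin_dir = Path(demo, "plugins", "easy-wp-smtp")
        plugin_dir.mkdir(parents=True)
        (plugin_dir / "easy-wp-smtp.php").write_text(
            "<?php\n/*\n * Plugin Name: Easy WP SMTP\n * Version: 0.0.0\n */\n")
        for hit in audit(sys.argv[1] if len(sys.argv) > 1 else demo):
            print(*hit)
```

Pass the path to a site's `wp-content` directory as the first argument to audit a real installation; without an argument the script runs on the constructed sample.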

For additional security, do not hesitate to check out our available solutions. Get instant alerts through our GRED web security verification cloud that can detect vulnerabilities in web applications, including outdated WordPress plugins, so you don’t fall victim to Linux malware. Get in touch with our cybersecurity experts today!