A new threat has emerged for WordPress sites. Researchers have discovered malware that creates loopholes and masquerades as a plugin.

Malware disguised as plugins poses a new threat to WordPress sites. The malware creates backdoors for hackers to take over a website. This message bleeds computers.

Behind the back

The malware was discovered by people from the security company Defiant. This software claims to be a plug-in caching and allows hackers to create an administrator account and take over a website. The malware remains hidden via such backdoors and controls a number of plug-ins itself.

The striking thing about the discovery was that the malware posed as a tool to improve loading times and reduce the load on servers. The system has also managed to not show itself when plug-ins are active, which may make detection more difficult.

Multifunctional

The malware had several capabilities:

• Create and delete an administrator account
• The ability to detect bots
• Replace or change content on a website
• Check WordPress plugins
• Activate functions remotely

According to the researchers, this gave the attackers enough resources to control and monetize a website. Defiant did not provide numbers for compromised sites.

Unfortunately, this is not the only threat to WordPress users in recent months. A plugin vulnerability was also discovered last month, and in August it was revealed that a similar threat had compromised 400,000 systems.