Warning hackers using new technique to install Backdoor sticky plugin on WordPress

The new technique is quite complex, and to compromise a website, a hacker has to go through many different steps, many of which can prevent a successful attack.

Warning hackers using new technique to install Backdoor sticky plugin on WordPress

According to reports from security company Wordfence and several posts on official WordPress.org forums, the attacks occurred on May 16. Website owners report attackers who have infiltrated and illegally managed their sites.

How the new attack technique works

The first step of the attack is for the hackers to take the user’s username and password from the public breach and log into the WordPress.com account.

Users who reuse passwords across accounts and do not have two-factor authentication enabled are more vulnerable to attackers taking over their accounts.

For a better understanding, the WordPress.com account used to manage professional blogs hosted by Automattic, is different from the WordPress.org accounts and admin account for WordPress Self-Hosted websites based on CMS code open source.

The open source WordPress CMS is managed by the WordPress community, and the Automattic developers contribute to the open source project and influence each other closely with the open source CMS. That’s why a few years back Automattic took the analytics plugin used on WordPress.com and released it as an open source plugin for WordPress Self-Hosted sites.

Hacker installs backdoor stick plugin through Jetpack

The analytics module called Jetpack was developed and added with many new features, and is currently one of the most popular plugins on WordPress websites.

One of the standout features of this plugin is the ability to connect WordPress Self-Hosted sites and use the Jetpack dashboard inside WordPress.com to manage tens or even thousands of WordPress Self-Hosted sites. via the Jetpack plugin installed on the pages.

Jetpack also includes the ability to install plugins on other websites from the Jetpack dashboard on WordPress.com.

The plugin does not have to be hosted or hidden on the WordPress.org repository, and an attacker can easily upload a malicious ZIP file and then send it to individual websites.

According to Wordfence, hackers hijacked WordPress.com accounts and searched for linked self-hosted WordPress sites to abuse remote management and deploy backdoor-stick plugins on previously secured sites.

The attacks happened more than 1 week

Experts say that the attack began on May 16, the hackers deployed a plugin called pluginsammonstersthen switch to another plugin implementation called wpsmilepack on May 21st.

The number of compromised websites has not been determined yet, and it is difficult to detect compromised websites.

“Plugins are visible on the WordPress.com dashboard but are invisible in the list of target WordPress sites when active,” the Wordfence team said.

Currently, hackers use these backdoors to redirect users to spam sites and tech support scams.

Owners of WordPress Self-Hosted sites that connect the Jetpack plugin to a WordPress.com account are advised to review the plugins they have deployed on self-hosted sites within the WordPress.com dashboard.

If you find suspicious plugins, you should change your account password immediately and enable two-factor authentication for your account.

Wordfence says attackers using this technique target pre-existing self-hosted WordPress sites. In February of this year, the attacker used a technique called credential stuffingusing leaked usernames and passwords to guess admin account logins and illegally infiltrate self-hosted WordPress sites directly at the source.

WordPress is open source and is widely used to create personal websites and blogs, if you want to experience, refer to it how to create wordpress blog here.

Some tips that you may need when creating a wordpress blog like:

– How to Create a Page in WordPress
– How to create categories in WordPress
– How to create tags in WordPress

https://thuthuat.Emergenceingames.com/ky-thuat-moi-cai-dat-plugin-dinh-backdoor-tren-wordpress-35371n.aspx
Based on the FaceDetector API available on Chrome 56 and later and the webcam, a temporary new Chrome extension stop playing YouTube videos when the user looks away from the screen will help you reduce manipulation while listening to music, watching movies on YouTube but having to leave the computer.