AVOID AT ALL COSTS
“Custom Content Type Manager version 0.9.8.8 contains malicious code.
As Sucuri’s investigation revealed, in the past two weeks, the plugin, which had looked like an abandoned project for the last 10 months, mysteriously changed owner, and immediately after, the new developer, named wooranker, updated the plugin and pushed out a new version.
All the changes he made to the plugin were of a nefarious nature. First, there was the addition of the auto-update.php file, which included the ability to download files from a remote server on the infected website.
Additionally, wooranker also added the CCTM_Communicator.php file, which worked together with another, older, legitimate plugin file. The purpose of these two files was to ping wooranker’s server about the presence of a newly infected site.
Besides gathering info on the victim’s site, this plugin also tapped into the WordPress login process and recorded usernames and the password, albeit in encrypted format, sending the data to the wordpresscore.com server.”
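A way to check an installed copy against the indicators named in the quoted report (version 0.9.8.8, the two added file names, the wordpresscore.com domain). This is an added example, not code from the post or from Sucuri; the plugin directory is whatever path you pass in, and `build_sample` with its `includes/` layout and file contents is constructed for the demo.

```python
import re, sys, tempfile
from pathlib import Path

# Indicators copied from the report quoted above.
BAD_VERSION = "0.9.8.8"
ADDED_FILES = {"auto-update.php", "CCTM_Communicator.php"}
REPORT_DOMAIN = "wordpresscore.com"
VERSION_RE = re.compile(rb"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-]*)", re.I | re.M)

def header_version(plugin_dir):
    """Version from the top-level PHP file that carries the plugin header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192]  # WordPress parses only the first 8 KiB
        match = VERSION_RE.search(head) if b"Plugin Name:" in head else None
        if match:
            return match.group(1).decode("ascii")
    return None

def scan_plugin(plugin_dir):
    """Return (kind, detail) findings for one plugin directory."""
    plugin_dir = Path(plugin_dir)
    findings = []
    if header_version(plugin_dir) == BAD_VERSION:
        findings.append(("version", BAD_VERSION))
    for path in sorted(plugin_dir.rglob("*.php")):
        rel = path.relative_to(plugin_dir).as_posix()
        if path.name in ADDED_FILES:
            findings.append(("added-file", rel))
        if REPORT_DOMAIN.encode() in path.read_bytes():
            findings.append(("domain-ref", rel))
    return findings

def build_sample(root, version, with_added_files):
    """Constructed stand-in for a plugin directory (layout and contents are made up)."""
    root = Path(root)
    (root / "includes").mkdir(parents=True, exist_ok=True)
    (root / "index.php").write_text(f"<?php\n/*\nPlugin Name: Sample\nVersion: {version}\n*/\n")
    if with_added_files:
        (root / "auto-update.php").write_text("<?php // placeholder\n")
        (root / "includes" / "CCTM_Communicator.php").write_text(
            f"<?php $host = '{REPORT_DOMAIN}'; // placeholder\n")
    return root

if __name__ == "__main__":
    # With no argument, scan a constructed sample instead of a real install.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp(), BAD_VERSION, True)
    for kind, detail in scan_plugin(target):
        print(f"{kind}: {detail}")
```

An empty result only means none of these three indicators were found in that directory; it says nothing about files the downloader may have written elsewhere on the site.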