New Linux malware uses 30 plugin exploits to backdoor WordPress sites


30 vulnerabilities in numerous outdated WordPress plugins and themes have been taken advantage of by a previously unidentified Linux virus to inject malicious JavaScript. The malware, which allows its operator remote command capabilities, targets both 32-bit and 64-bit Linux systems, according to a study by antivirus provider Dr. Web.

The trojan’s primary function is to break into WordPress websites using a series of hardcoded attacks that are executed one after another until one of them succeeds. The malware will automatically download malicious JavaScript from its command and control server if the targeted website uses an outdated and vulnerable version of any of the aforementioned software.

Read More…