Researchers find malicious plugins on 25,000 WordPress sites



A new study by Georgia Tech researchers found malicious plugins installed on nearly 25,000 WordPress websites.

Researchers analyzed over 400,000 web server backups and used a tool they named ‘YODA’ to find 47,337 malicious plugins on 24,931 unique WordPress sites. Every compromised website in the dataset had two or more infected plugins, and 94% of the malicious plugins were active.

Using YODA, the researchers were also able to trace the malware in WordPress plugins back to its source, the Georgia Tech College of Computing reported on August 26th. Attackers inject malware into websites by exploiting vulnerabilities, most often infecting WordPress sites after plugins have been installed.

In some cases, malicious plugins have been found masquerading as harmless plugins offered through legitimate marketplaces.

Malicious plugins have also been found to spread by attacking other plugins on the server where WordPress is installed. The most common infection vectors were cross-plugin infection and the exploitation of existing vulnerabilities.

Malicious plugins can cause damage, but site owners can take steps such as purging the malicious plugins and reinstalling malware-free versions that have been scanned for vulnerabilities.

Cory Cline, senior cybersecurity consultant at application security provider nVisium LLC, told SiliconANGLE: “This is easy because all WordPress plugins are written in PHP and the source code is freely available for review by anyone who wishes.”

Cline added that installing a WordPress plugin that has not been properly vetted may have no impact if the plugin is non-malicious and does not contain any known vulnerabilities. “However, a malicious WordPress plugin could end up taking over the affected WordPress instance completely,” he said.

Sounil Yu, Chief Information Security Officer at JupiterOne Inc., a cyber asset management and governance solutions provider, pointed out that this is not just a WordPress issue but a software problem that applies to any plugin, integration, third-party application, or PITA that leverages it.

“PITA research is problematic because there are thousands of these PITAs without clear provenance, test results, or data flow diagrams,” Yu explained. “Security teams have taken a rudimentary approach, mostly just skimming. And marketplaces need to do more due diligence.”

Photo: Pxfuel
