
This article was published on October 18, 2019

Researchers find fake WordPress plugins that secretly mine cryptocurrency

Story by Yessi Bello Perez, Former Senior Writer, Growth Quarters

Researchers have discovered several malicious WordPress plugins that are being used to surreptitiously mine cryptocurrency by running Linux binary code.

According to the researchers at website security company Sucuri, the plugins are also being used to maintain access to compromised servers. It seems their use has increased in recent months.

Essentially, the components are clones of the legitimate software, which have been altered for illicit purposes, making them relatively easy for hackers to create.

Attackers have been using different names for these fake plugins, such as ‘initiatorseo’ and ‘updrat123,’ the researchers said.

Although the plugins differ in name, they have several things in common: a similar structure, and header comments taken from the popular backup/restore plugin UpdraftPlus.

Instead of creating a malicious WordPress plugin from scratch, attackers can simply change the code of an existing one to include nefarious components.

The approaches in this attack are nothing new, but they do demonstrate how important it is to run a comprehensive malware cleanup.
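The trait described above, a plugin folder with an unfamiliar name whose header comments come from UpdraftPlus, can be checked during a cleanup. The following is an added example, not code from Sucuri or from the original article: it reads each plugin's header fields the way WordPress does and flags folders that mention UpdraftPlus but are not installed as `updraftplus`. The function names, the `KNOWN` mapping, the choice of header fields and the `updraftplus` folder name for the genuine plugin are assumptions.

```python
import re
from pathlib import Path

# Standard WordPress plugin header fields to inspect (assumed choice of fields).
FIELDS = ("Plugin Name", "Plugin URI", "Author", "Author URI", "Text Domain")
# Marker expected in a product's header -> folder it legitimately installs under.
# Assumption: genuine UpdraftPlus lives in wp-content/plugins/updraftplus.
KNOWN = {"updraftplus": "updraftplus"}

def parse_header(php_source):
    """Extract 'Field: value' header lines from the first 8 KiB of a PHP file."""
    head = php_source[:8192]
    found = {}
    for field in FIELDS:
        m = re.search(r"^(?:[ \t]*<\?php)?[ \t/*#@]*" + re.escape(field) + r":(.*)$",
                      head, re.MULTILINE | re.IGNORECASE)
        if m:
            found[field] = m.group(1).strip()
    return found

def find_header_clones(plugins_dir, known=KNOWN):
    """Return (folder, file, field, value) tuples for plugins whose header
    mentions a known product while the folder is not that product's own."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        folder = php.parent.name
        header = parse_header(php.read_text(errors="replace"))
        if "Plugin Name" not in header:
            continue  # not a plugin's main file
        for field, value in header.items():
            for marker, expected_folder in known.items():
                if marker in value.lower() and folder != expected_folder:
                    hits.append((folder, php.name, field, value))
    return hits

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for hit in find_header_clones(target):
        print("SUSPECT %s/%s: %s = %r" % hit)
```

A hit is a lead for manual review rather than proof of compromise, and a clone whose header has been fully rewritten will not be flagged.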
