Considering that many MSSPs and MSPs manage WordPress sites for their customers, news of a malware injection into five WordPress plugins raises concern about the vulnerability of this common website content creation software.
The software supply chain attack planted backdoor code in the plugins that makes it possible to create rogue administrator accounts, with the aim of performing arbitrary actions, The Hacker News reports. The break-in established malicious admin accounts with the “Options” and “PluginAuth” usernames, enabling the exfiltration of account details to the IP address 94.156.79[.]8.
Attackers also conducted malicious JavaScript code injections to infect targeted websites with search engine optimization spam, Defiant’s Wordfence security researcher Chloe Chamberland blogged. All of the affected plugins have already been removed from the WordPress plugin directory. Only Social Warfare has issued a new version addressing the issue. Immediate deletion of the plugins has also been recommended to website admins.
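For admins checking a site against the indicators named above, the following added example (not code from MSSP Alert, Wordfence or The Hacker News) flags administrator accounts that use the reported usernames in a `wp user list --format=json` export and finds log lines that mention the reported IP address. The sample users and log lines are constructed, and the log format is an assumption.

```python
import json
import re

# Indicators reported in the article (admin usernames and exfiltration IP).
ROGUE_ADMINS = {"options", "pluginauth"}
EXFIL_IP = "94.156.79.8"
# Matches the IP in plain or defanged ("[.]") form, not inside a longer address.
IP_RE = re.compile(r"(?<![\d.])94(?:\.|\[\.\])156(?:\.|\[\.\])79(?:\.|\[\.\])8(?!\d)")


def find_rogue_admins(users_json):
    """Return (login, registered) for administrators using a reported username."""
    hits = []
    # Input is the JSON from `wp user list --format=json`; roles is comma-separated.
    for user in json.loads(users_json):
        roles = {r.strip().lower() for r in str(user.get("roles", "")).split(",")}
        login = str(user.get("user_login", ""))
        if "administrator" in roles and login.strip().lower() in ROGUE_ADMINS:
            hits.append((login, user.get("user_registered", "unknown")))
    return hits


def find_exfil_lines(log_lines):
    """Return (line_number, line) for log lines that mention the reported IP."""
    return [(n, line.rstrip("\n")) for n, line in enumerate(log_lines, 1)
            if IP_RE.search(line)]


# Constructed sample data, not taken from a real site.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "roles": "administrator",
     "user_registered": "2021-03-02 10:15:00"},
    {"ID": 7, "user_login": "PluginAuth", "roles": "administrator",
     "user_registered": "2024-06-22 03:41:09"},
    {"ID": 9, "user_login": "options", "roles": "subscriber",
     "user_registered": "2023-01-11 08:00:00"},
])
SAMPLE_LOG = [
    "2024-06-22T03:41:10Z egress allow tcp 10.0.0.5:51544 -> 94.156.79.8:80",
    "2024-06-22T03:41:12Z egress allow tcp 10.0.0.5:51550 -> 194.156.79.80:443",
    "ticket note: block 94.156.79[.]8 at the perimeter",
]

if __name__ == "__main__":
    for login, registered in find_rogue_admins(SAMPLE_USERS):
        print(f"rogue admin candidate: {login} (registered {registered})")
    for n, line in find_exfil_lines(SAMPLE_LOG):
        print(f"log line {n} mentions {EXFIL_IP}: {line}")
```

A clean result from this check does not show that a site is unaffected; the plugins themselves still need to be removed or updated as described in this article.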
Now, on top of malware, a new credit card skimmer “Caesar Cipher Skimmer” is infecting multiple content management platforms, including WordPress, Magento and OpenCart, Ben Martin of Sucuri reports.
The plugins in question are no longer available for download from the WordPress plugin directory pending ongoing review. Wordfence offers a full guide to cleaning your WordPress site and associated patches.
Wordfence lists the infected plugins:
The Wordfence Threat Intelligence team is performing a deeper analysis and will provide more information as it becomes available.
“We are actively working on a set of malware signatures to provide detection for these compromised plugins,” Chamberland said. “However, if you are running a malicious version of one of the plugins, you will be notified by the Wordfence Vulnerability Scanner that you have a vulnerability on your site and you should update the plugin where available or remove it ASAP.”
The WordPress attack brings to light new research from Sonatype’s 9th Annual State of the Software Supply Chain Report, which uncovered a whopping 633% increase in software supply chain attacks.
Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.