Tag: Website Backdoor

  • Using Innocent Roles to Hide Admin Users

    Using Innocent Roles to Hide Admin Users

    All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles. The way the capabilities are handled on WordPress makes it quite easy to change what each role is allowed…

  • Multiple Ways to Inject the Same Tech Support Scam Malware

    Multiple Ways to Inject the Same Tech Support Scam Malware

    Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club. At the time of this writing, PublicWWW finds the most common patterns…

  • Backdoor Uses Paste Site to Host Payload

    Backdoor Uses Paste Site to Host Payload

    Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to…

  • Outdated Duplicator Plugin RCE Abused

    Outdated Duplicator Plugin RCE Abused

    We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin. Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is…