AEGIS Stops New Linux Malware Used to Backdoor WordPress Sites
According to multiple news outlets, a previously unknown Linux malware has been exploiting 30 known vulnerabilities in outdated WordPress plugins and themes to inject malicious JavaScript into compromised sites. The malware runs on both 32-bit and 64-bit Linux systems and lets its operator control the infected host remotely.
The trojan's main function is to compromise WordPress sites by running a set of hardcoded exploits one after another until one of them succeeds. Subscribers to Aegis Defender Pro have been protected from these attacks; more on that below.
We urge all WordPress users to check whether any of the following plugins or themes are installed and update them immediately. If one of them no longer receives updates from its developer, remove it rather than leaving it installed:
- WP Live Chat Support Plugin
- WordPress – Yuzo Related Posts
- Yellow Pencil Visual Theme Customizer Plugin
- Easysmtp
- WP GDPR Compliance Plugin
- Newspaper Theme on WordPress Access Control (CVE-2016-10972)
- Thim Core
- Google Code Inserter
- Total Donations Plugin
- Post Custom Templates Lite
- WP Quick Booking Manager
- Facebook Live Chat by Zotabox
- Blog Designer WordPress Plugin
- WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
- WP-Matomo Integration (WP-Piwik)
- WordPress ND Shortcodes For Visual Composer
- WP Live Chat
- Coming Soon Page and Maintenance Mode
- Hybrid
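The check described above, as an added example that is not from the original post and not Aegis Defender Pro code: a POSIX shell script that cross-references the CSV output of WP-CLI (`wp plugin list --format=csv --fields=name,status,update,version`, and likewise `wp theme list`) against the plugin and theme names listed above. The file name `check_wp.sh`, the `--stdin` and `--demo` flags and the sample CSV are assumptions made for illustration. Matching is a heuristic: both the report's display names and the installed slugs are lowercased and stripped of non-alphanumerics, and a slug counts as a hit when either string contains the other, so treat hits as leads to verify by hand and a clean run as no proof that the site is safe.

```shell
#!/bin/sh
# check_wp.sh (hypothetical name): flag installed plugins/themes that appear in
# the report's list. Added example, not code from the original post.
# Usage from the WordPress root:
#   wp plugin list --format=csv --fields=name,status,update,version | sh check_wp.sh --stdin
#   wp theme  list --format=csv --fields=name,status,update,version | sh check_wp.sh --stdin
#   sh check_wp.sh --demo      # runs against the constructed sample below

# Display names exactly as given in the report.
WATCHLIST='WP Live Chat Support Plugin
WordPress – Yuzo Related Posts
Yellow Pencil Visual Theme Customizer Plugin
Easysmtp
WP GDPR Compliance Plugin
Newspaper Theme on WordPress Access Control (CVE-2016-10972)
Thim Core
Google Code Inserter
Total Donations Plugin
Post Custom Templates Lite
WP Quick Booking Manager
Facebook Live Chat by Zotabox
Blog Designer WordPress Plugin
WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
WP-Matomo Integration (WP-Piwik)
WordPress ND Shortcodes For Visual Composer
WP Live Chat
Coming Soon Page and Maintenance Mode
Hybrid'

# Lowercase and keep only [a-z0-9]; LC_ALL=C makes tr work bytewise so the
# en dash and other non-ASCII bytes are simply dropped.
norm() {
  printf '%s' "$1" | LC_ALL=C tr 'A-Z' 'a-z' | LC_ALL=C tr -cd 'a-z0-9'
}

# Reads WP-CLI CSV rows "name,status,update,version" on stdin and prints
# "slug status update version" for every slug that matches the watchlist.
flag_watchlisted() {
  while IFS=, read -r name status update version; do
    [ "$name" = "name" ] && continue          # skip the CSV header row
    slug=$(norm "$name")
    [ ${#slug} -lt 4 ] && continue            # too short to match meaningfully
    printf '%s\n' "$WATCHLIST" | while IFS= read -r entry; do
      e=$(norm "$entry")
      # hit if the slug is inside the display name (wp-gdpr-compliance in
      # "WP GDPR Compliance Plugin") or the display name is inside the slug
      # ("Hybrid" in hybrid-composer; this direction produces false positives)
      case "$e" in *"$slug"*) printf '%s %s %s %s\n' "$name" "$status" "$update" "$version"; break ;; esac
      case "$slug" in *"$e"*) printf '%s %s %s %s\n' "$name" "$status" "$update" "$version"; break ;; esac
    done
  done
}

# Constructed sample of what `wp plugin list --format=csv` might print; not real data.
SAMPLE='name,status,update,version
akismet,active,none,5.0.2
wp-gdpr-compliance,active,available,1.4.3
yuzo-related-post,inactive,none,5.12.94'

case "${1:-}" in
  --demo)  printf '%s\n' "$SAMPLE" | flag_watchlisted ;;   # prints the two watchlisted rows
  --stdin) flag_watchlisted ;;
esac
```

Rows whose `update` column reads `available` are the ones `wp plugin update <slug>` (or `wp plugin update --all`) will fix; a watchlisted slug with `update` set to `none` needs a manual check of whether the installed version is already patched or whether the plugin has been abandoned. Note that an inactive plugin still ships its PHP files to the web server, so "inactive" is not a reason to leave it in place.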
How Aegis Defender Pro Stopped This Attack Before It Started
Aegis Defender Pro and Aegis Defender Pro Hosting firewalls already block most reported botnet IP addresses and networks, so distributed attacks like this one do not overwhelm our subscribers' websites. Of the thousands of attempts in a campaign, only a few reach a subscriber's site, and our detection and blocking systems handle those locally, in real time. Each blocked attack is reported back to us, and its source is added to every subscriber's firewall within minutes.
A Proactive Approach to Cybersecurity
Besides detecting and blocking attacks on our subscribers' sites, we also trace and block the command-and-control (C2) servers that direct these botnets and collect data from infected machines. Over the past six years we have blocked thousands of C2 servers, and we continue to find new ones as they come online.
Among other methods, we use search engines such as Shodan (shodan.io) to search for specific tags and service banners that identify C2 servers and their botnets before they reach any of our subscribers. This proactive approach keeps attacks to a minimum, including the campaign against WordPress plugins that is still ongoing.
Having Aegis Defender Pro does not mean you can relax about keeping your WordPress plugins and themes up to date, however. Your webmaster should be applying updates as they are released; if you do not have one, search for how to update WordPress plugins and follow the instructions. Aegis Defender Pro Hosting offers full webmaster services with its hosting plans; find out more here.
For more information about Aegis Defender Pro, visit our product information page or contact our offices.