Research by cybersecurity firm Dr. Web has found that a new strain of Linux malware is targeting websites based on WordPress. The malware has been named Linux.BackDoor.WordPressExploit.1 and targets 32-bit versions of Linux. The malware is primarily used to hack websites based on content management systems and to inject malicious script onto webpages. The backdoor leverages vulnerabilities in outdated WordPress plugins and themes.
Some of the plugins targeted include WP Live Chat Support, WP Live Chat, Google Code Inserter, and WP Quick Booking Manager. The trojan is controlled by malicious actors remotely, and they have the ability to switch the malware to standby mode. Dr. Web believes that the tool may have been used for years by cybercriminals to conduct attacks or monetize the resale of internet traffic.