Multiple WordPress Plugins Compromised: Hackers Create Rogue Administrator Accounts

admin, June 30, 2024, 15:42:05


Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions.


"The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server," Wordfence security researcher Chloe Chamberland said in a Monday alert.


"In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website."


The admin accounts have the usernames "Options" and "PluginAuth," with the account information exfiltrated to the IP address 94.156.79[.]8.


It's currently not known how the unknown attackers behind the campaign managed to compromise the plugins, but the earliest signs of the software supply chain attack date back to June 21, 2024.


The plugins in question are no longer available for download from the WordPress plugin directory pending ongoing review:


  • Social Warfare 4.4.6.4 – 4.4.7.1 (Patched version: 4.4.7.3) - 30,000+ installs


  • Blaze Widget 2.2.5 – 2.5.2 (Patched version: N/A) - 10+ installs


  • Wrapper Link Element 1.0.2 – 1.0.3 (Patched version: N/A) - 1,000+ installs


  • Contact Form 7 Multi-Step Addon 1.0.4 – 1.0.5 (Patched version: N/A) - 700+ installs


  • Simply Show Hooks 1.2.1 (Patched version: N/A) - 4,000+ installs


Users of the aforementioned plugins are advised to inspect their sites for suspicious administrator accounts and delete them, in addition to removing any malicious code.
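One way to run the inspection advised above, as an added example (not code from Wordfence or the original article): it parses CSV of the kind produced by `wp plugin list --fields=title,version --format=csv` and `wp user list --role=administrator --fields=user_login,user_registered --format=csv`, then flags plugin versions inside the listed ranges and the two reported usernames. The sample rows are constructed, and matching installed plugins by a title that starts with the name used in this article is an assumption.

```python
import csv, io, re

# Affected version ranges (inclusive) and rogue usernames, as listed in the article.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1"),
    "Blaze Widget": ("2.2.5", "2.5.2"),
    "Wrapper Link Element": ("1.0.2", "1.0.3"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5"),
    "Simply Show Hooks": ("1.2.1", "1.2.1"),
}
ROGUE_ADMINS = {"options", "pluginauth"}

def vkey(version):
    """Turn '4.4.7.1' into a comparable tuple of ints, padded to four parts."""
    parts = [int(re.match(r"\d*", p).group() or 0) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def affected_plugins(plugin_csv):
    """Return (title, version) for installed plugins inside an affected range."""
    hits = []
    for row in csv.DictReader(io.StringIO(plugin_csv)):
        title = row["title"].strip()
        for name, (low, high) in AFFECTED.items():
            # Assumption: the installed title begins with the article's name.
            if title.casefold().startswith(name.casefold()) and \
                    vkey(low) <= vkey(row["version"]) <= vkey(high):
                hits.append((title, row["version"].strip()))
    return hits

def rogue_admins(admin_csv):
    """Return administrator logins that match the reported rogue usernames."""
    rows = csv.DictReader(io.StringIO(admin_csv))
    return [r["user_login"] for r in rows
            if r["user_login"].strip().casefold() in ROGUE_ADMINS]

# Constructed sample data standing in for real WP-CLI output.
SAMPLE_PLUGINS = """title,version
Social Warfare,4.4.7.1
Simply Show Hooks,1.2.1
Blaze Widget,2.5.3
"""
SAMPLE_ADMINS = """user_login,user_registered
siteowner,2021-03-02 10:11:12
PluginAuth,2024-06-22 04:05:06
"""

if __name__ == "__main__":
    for title, version in affected_plugins(SAMPLE_PLUGINS):
        print(f"AFFECTED PLUGIN: {title} {version}")
    for login in rogue_admins(SAMPLE_ADMINS):
        print(f"ROGUE ADMIN: {login}")
```

A clean result does not rule out compromise: an administrator account registered on or after June 21, 2024 that nobody on the team recognises deserves the same scrutiny as the two named ones.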


References

[1]https://thehackernews.com/2024/06/multiple-wordpress-plugins-compromised.html


Originally published on the WeChat official account 知机安全: Multiple WordPress Plugins Compromised: Hackers Create Rogue Administrator Accounts
