Backdoor Malware Found on WordPress Website Disguised as Legitimate Plugin

A WordPress backdoor able to camouflage itself as a legitimate plugin has been deployed by a threat actor, according to Defiant, a WordPress security firm. The malware was discovered during the cleanup of a compromised site, and is built to be unseen in the list of active plugins. The backdoor allows the actor to create an admin account, remotely activate and deactivate plugins, and monitor the malware’s operational state. The firm also found a bot detection function that allows the malware to serve malicious content based on specific filters.