Researchers Uncover Malware Posing as WordPress Caching Plugin

Cybersecurity researchers have uncovered a sophisticated malware masquerading as a WordPress plugin, capable of creating administrator accounts to control compromised sites remotely. The malware enables remote plugin activation, injecting of spam links, and deleting admin users, while evading detection by inexperienced users. In September 2023, over 17,000 WordPress sites were compromised by similar malware. The scale of these new attacks is unknown.