What can they do?
Upon their command, it is able to perform the following actions:
- Attack a specified webpage (website);
- Switch to standby mode;
- Shut itself down;
- Pause logging its actions.
Which plugins are affected?
Please note that these lists contain only the known plugins; usually there are more affected plugins that have not been discovered yet.
- WP Live Chat Support Plugin
- WordPress – Yuzo Related Posts
- Yellow Pencil Visual Theme Customizer Plugin
- WP GDPR Compliance Plugin
- Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972)
- Thim Core
- Google Code Inserter
- Total Donations Plugin
- Post Custom Templates Lite
- WP Quick Booking Manager
- Facebook Live Chat by Zotabox
- Blog Designer WordPress Plugin
- WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233)
- WP-Matomo Integration (WP-Piwik)
- WordPress ND Shortcodes For Visual Composer
- WP Live Chat
- Coming Soon Page and Maintenance Mode
- Brizy WordPress Plugin
- FV Flowplayer Video Player
- WordPress Coming Soon Page
- WordPress theme OneTone
- Simple Fields WordPress Plugin
- WordPress Delucks SEO plugin
- Poll, Survey, Form & Quiz Maker by OpinionStage
- Social Metrics Tracker
- WPeMatico RSS Feed Fetcher
- Rich Reviews plugin
How to find out if I’m affected by this malware?
Actions to be taken
First of all, try to keep your operating system and all hosting tools updated. Always keep WordPress and all plugins updated. Always use a unique and strong password for your website and administrator panels. Schedule a routine antivirus scan of your hosting directory and use a WAF (web application firewall) if you can.
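To act on the plugin list above, the following added example (not from the original article or from Dr.Web) inventories a WordPress plugins directory and flags installed plugins whose display name matches a listed entry, reporting the installed version so it can be compared with the vendor's current release. The word-based name matching, the `WATCHLIST` subset, and the sample folder names and versions are assumptions made for illustration; themes are not covered.

```python
import re
import tempfile
from pathlib import Path

# Entries copied from this page's list (a subset; add the remaining names).
WATCHLIST = ["WP Live Chat Support Plugin", "WP GDPR Compliance Plugin", "Thim Core",
             "Total Donations Plugin", "Brizy WordPress Plugin", "Rich Reviews plugin"]
# Filler words ignored when comparing names (assumption of this example).
GENERIC = {"wordpress", "plugin", "theme", "the", "for", "by", "and", "on"}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def key_tokens(name):
    """Lower-case word set of a display name, minus generic filler words."""
    return set(re.findall(r"[a-z0-9]+", name.lower())) - GENERIC

def installed_plugins(plugins_dir):
    """Yield (folder, name, version) parsed from each plugin's header comment."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # header sits at the top of the file
        # reversed() so the first occurrence of each field wins
        fields = {k.lower(): v for k, v in reversed(HEADER.findall(head))}
        if "plugin name" in fields:
            yield php.parent.name, fields["plugin name"], fields.get("version", "unknown")

def flag_listed(plugins_dir, watchlist=WATCHLIST):
    """Return installed plugins whose name contains every key word of a listed entry."""
    hits = []
    for folder, name, version in installed_plugins(plugins_dir):
        have = key_tokens(name)
        for listed in watchlist:
            keys = key_tokens(listed)
            if keys and keys <= have:  # an entry with no key words never matches
                hits.append((folder, name, version, listed))
                break
    return hits

if __name__ == "__main__":
    # Constructed sample tree standing in for wp-content/plugins.
    with tempfile.TemporaryDirectory() as root:
        for folder, name, ver in [("chat", "WP Live Chat Support", "0.0.1"),
                                  ("shop", "Example Shop", "1.2")]:
            d = Path(root, folder)
            d.mkdir()
            Path(d, "main.php").write_text(
                f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
        for hit in flag_listed(root):
            print("installed and on the list:", hit)
```

A match only says that a listed plugin is installed; whether the installed version is still vulnerable has to be checked against the plugin vendor's release notes.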
- More details on Linux.BackDoor.WordPressExploit.1
- More details on Linux.BackDoor.WordPressExploit.2
- Read the whole story and more details at: Dr.Web News