In late 2022, new Linux malware was discovered that exploits 30 distinct flaws in various WordPress plugins and themes. Its purpose is to inject malicious JavaScript and give the operator remote control over the affected systems. As a result, hackers can redirect visitors of the compromised websites for different purposes.


The malware affects both 32-bit and 64-bit versions of Linux. It tries a series of exploits, one at a time, until one of them works. WordPress sites are the main target, especially abandoned or older ones.

According to antivirus vendor Dr. Web, sites that use outdated versions of plugins or themes are the most susceptible to the attack. The trojan automatically finds a viable entry point and fetches a JavaScript file from a remote server. Finally, it injects the script into the page.

From there, the hacker has several ways to deceive visitors, since any click on the page can be redirected to another location. Phishing, malware distribution and other campaigns are some examples of what the redirects are used for.

If you use Linux, the best way to protect yourself is to keep all the components of your WordPress site up to date. In addition, making sure that two-factor authentication is enabled is extremely important to prevent intrusions.
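As an added example (not from Dr. Web or the original article), this Python script shows one way a site owner could check a rendered page for the kind of injected JavaScript described above. It flags scripts loaded from hosts outside an allowlist and inline scripts that rewrite navigation. The allowlist, the marker strings and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from; adjust per site.
ALLOWED_HOSTS = {"example.com", "cdn.example.com"}
# Heuristic markers of inline code that rewrites navigation (a lead, not proof).
REDIRECT_MARKERS = ("window.location", "location.href", "location.replace")

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline = [], []
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self._in_inline = True
                self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def unexpected_scripts(html, allowed=ALLOWED_HOSTS):
    """Return (kind, detail) findings for scripts the owner did not expect."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host and host not in allowed:
            findings.append(("external", src))
    for body in parser.inline:
        if any(marker in body for marker in REDIRECT_MARKERS):
            findings.append(("inline", body.strip()[:60]))
    return findings

# Constructed sample page: two expected scripts, two that should be flagged.
SAMPLE = """<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.example.com/theme.js"></script>
<script src="//injected.invalid/loader.js"></script>
<script>document.onclick = function () { window.location.href = "https://landing.invalid/"; };</script>"""
```

A finding is a prompt for manual review of the page and of the files that generate it, since legitimate plugins also add scripts and redirects.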

It’s also worth checking the list of plugins and themes that might be affected against what is installed on your site.

Page affected by Malware (Image: Reproduction / Dr. Web)

Plugins and themes targeted by the attack

The first list released by Dr. Web contains 19 plugins and themes that are susceptible to the trojan in WordPress:

WP Live Chat Support Plugin

WordPress – Yuzo Related Posts

Yellow Pencil Visual Theme Customizer Plugin

Easysmtp

WP GDPR Compliance Plugin

Newspaper Theme on WordPress Access Control (CVE-2016-10972)

Thim Core

Google Code Inserter

Total Donations Plugin

Post Custom Templates Lite

WP Quick Booking Manager

Facebook Live Chat by Zotabox

Blog Designer WordPress Plugin

WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)

WP-Matomo Integration (WP-Piwik)

WordPress ND Shortcodes For Visual Composer

WP Live Chat

Coming Soon Page and Maintenance Mode

Hybrid

However, an updated version of the malware is already able to affect 11 more add-ons:

Brizy WordPress Plugin

FV Flowplayer Video Player

WooCommerce

WordPress Coming Soon Page

WordPress theme OneTone

Simple Fields WordPress Plugin

WordPress Delucks SEO plugin

Poll, Survey, Form & Quiz Maker by OpinionStage

Social Metrics Tracker

WPeMatico RSS Feed Fetcher

Rich Reviews plugin

With information from Bleeping Computer.