Recently, a software-security company named Sucuri reported that a WordPress plug-in contains backdoor malware that allows the creator of the extension to gain access to the user’s WordPress account and execute a number of unwanted actions. The name of the plug-in is X-WP-SPAM-SHIELD-PRO. It is disguised as a security add-on, when in reality it serves as a backdoor.
Apparently, the hacker behind it chose a name similar to that of a popular WordPress extension called WP-SpamShield Anti-Spam in order to trick inattentive customers into downloading and installing the malware.
As we already mentioned, such malicious software could allow its creator to execute a number of harmful or unwanted activities within the account of its victim. Here is an overall summary of what you can expect from X-WP-SPAM-SHIELD-PRO:
- Sends a list of the user’s other WordPress plug-ins and allows the attacker to disable all of them. The idea is that any legitimate security plug-ins the user has that might intercept the backdoor get disabled.
- Creates an additional admin user through which the attacker can operate and gain access to the WordPress account.
- The backdoor also sends the current version of WordPress to the hacker as well as a list of all the admin user profiles.
The extension isn’t available in the WordPress plug-in library
The good news is that the malicious plug-in isn’t being distributed via the extension library of WordPress. Users who have had the misfortune of landing this nasty backdoor have apparently downloaded it from another source.
This leads us to the topic of just how important it is to be careful with the sources that you use when downloading and installing software. Malicious programs are everywhere and it is often very difficult to avoid them. However, as long as you stick to reliable sources that have at least some level of security, the chances of your PC or website getting hacked are greatly reduced. This rule applies not only to WordPress plug-ins but also to browser extensions and Android applications. It is much more sensible and much safer to download new apps from the Google Store, or new extensions for, say, your Chrome browser from the Web Store, instead of getting them from some lesser-known source with obscure security standards.
That said, keep in mind that even when downloading from supposedly safe sources, you should always double-check the app or extension that you are about to install. No platform is flawless, and there are more than enough examples of malicious software getting inside and being distributed by otherwise reputable sites and online stores. Therefore, always be careful and carry out your own research on anything that you are about to download.
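One way to double-check an existing site for the kind of name imitation described above is to compare the installed plug-in directories against the list of plug-ins you actually expect to run. The following Python sketch is an added example, not code from Sucuri or from either plug-in; the expected directory name `wp-spamshield`, the similarity threshold and the sample names are assumptions.

```python
import re
from difflib import SequenceMatcher
from pathlib import Path

# Assumption: the plug-ins this site is expected to run, by directory name.
# "wp-spamshield" is assumed here as the directory of WP-SpamShield Anti-Spam.
EXPECTED = {"wp-spamshield"}
THRESHOLD = 0.85  # assumed similarity cut-off for near-miss spellings


def normalize(name: str) -> str:
    """Lower-case and drop separators so 'WP-SPAM-SHIELD' equals 'wp-spamshield'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def classify(installed: str, expected=EXPECTED, threshold: float = THRESHOLD) -> str:
    """Return 'expected', 'lookalike:<name>' or 'unlisted' for one plug-in directory."""
    if installed in expected:
        return "expected"
    norm = normalize(installed)
    for good in sorted(expected):
        core = normalize(good)
        # Expected name wrapped in extra tokens (prefix/suffix), or a near-miss spelling.
        if core in norm or SequenceMatcher(None, norm, core).ratio() >= threshold:
            return f"lookalike:{good}"
    return "unlisted"


def audit(plugins_dir: str, expected=EXPECTED) -> dict:
    """Classify every sub-directory of a wp-content/plugins directory."""
    root = Path(plugins_dir)
    return {p.name: classify(p.name, expected) for p in sorted(root.iterdir()) if p.is_dir()}


if __name__ == "__main__":
    # Constructed sample names; on a real site call audit("/path/to/wp-content/plugins").
    for name in ["wp-spamshield", "X-WP-SPAM-SHIELD-PRO", "wp-spamsheild", "example-gallery"]:
        print(f"{name:24} {classify(name)}")
```

A `lookalike` result means the directory imitates an expected plug-in without being it and deserves immediate review; `unlisted` only means the plug-in is not on your list and should be confirmed as something you installed.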