Malicious hackers have been caught hiding their WordPress malware in the ‘mu-plugins’ directory to evade routine security checks, according to a warning issued by Sucuri.
The mu-plugins, short for Must-Use plugins, are automatically loaded on every page, do not require activation, and do not appear in the standard WordPress plugin interface. This makes the directory an appealing target for threat actors already seen abusing it for stealth infections.
In February, Sucuri warned of suspicious index.php and test-mu-plugin.php files in the mu-plugins directory that contained code to execute additional payloads, resulting in backdoors being deployed on the infected sites.
[...]
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
-
rbc
- Secretary
- Posts: 381
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Robert B. Carleton + ISC2 Central Mississippi Secretary