Quote:A spam-injecting malware is targeting WordPress site owners by disguising itself as a legitimate license key for a WordPress design theme.

According to analysis from Sucuri, a customer opened a malware removal ticket reporting “some weird spam URLs injected onto their WordPress website.” After further investigation into the files on the website, analysts uncovered a hidden encoded spam injector malware in the “./wp-content/themes/toolbox/functions.php” WordPress theme, masquerading as a license key.
WordPress themes are essentially website templates, specifying the fonts, colors, image placement and other design elements for a site. They can also be customized with tailored elements.

When a customer orders a theme, it comes with a license key, like any software would. This key is required for any future updates, features and security patches.

“A license key is a place where a webmaster might not expect to find an infection,” said Moe Obaid, security analyst at Sucuri, in a Wednesday post. “The attacker formatted the encoded injector to look like a theme’s license key in order to distract the eyes of a less-trained security analyst from suspecting this to be malicious code.”