30 January 19, 18:30
Quote: A spam-injecting malware is targeting WordPress site owners by disguising itself as a legitimate license key for a WordPress design theme.
According to analysis from Sucuri, a customer opened a malware removal ticket reporting “some weird spam URLs injected onto their WordPress website.” After further investigation into the files on the website, analysts uncovered a hidden encoded spam injector malware in the “./wp-content/themes/toolbox/functions.php” WordPress theme, masquerading as a license key.
WordPress themes are essentially website templates, specifying the fonts, colors, image placement and other design elements for a site. They can also be customized with tailored elements.
When a customer orders a theme, it comes with a license key, like any software would. This key is required for any future updates, features and security patches.
“A license key is a place where a webmaster might not expect to find an infection,” said Moe Obaid, security analyst at Sucuri, in a Wednesday post. “The attacker formatted the encoded injector to look like a theme’s license key in order to distract the eyes of a less-trained security analyst from suspecting this to be malicious code.”
Source: https://threatpost.com/malware-wordpress...ey/141315/