A recent study has revealed that spammers have infected 47,000+ WordPress plugins since 2012. This is a significant number, given that plugins are a fundamental component of website development. Researchers used the detection framework YODA to track the origins of the malware, and they found that every compromised website contained at least two malicious plugins.
The majority of infected plugins remain active and pose a threat to the website owner.
The researchers analyzed the backups of more than 400,000 unique web servers to determine which ones were malicious. The team determined that there were 47,337 malicious plugins on 24,931 unique WordPress websites. The team then developed an automated framework to detect and eliminate these malicious plugins. It also noted that the number of malicious plugins had risen substantially over the years.
Malicious plugins infect WordPress sites by exploiting vulnerabilities in plugins. They can steal credentials and credit card information from visitors. They can also attack other WordPress sites and servers. As a result, website owners should take the appropriate actions to protect their websites.
The Georgia Institute of Technology researchers developed a framework for detecting malicious WordPress plugins called YODA. WordPress is a popular content management system written in PHP that allows webmasters to build and maintain websites and install plugins that can add features or change content programmatically. These plugins are commonly hosted on online marketplaces. Threat actors frequently target these marketplaces, and YODA can help prevent this from happening by detecting malicious plugins and their origin.
Ranjita Pai Kasturi, a Ph.D. student and the project’s lead researcher, said, “This is an underexplored area. Attackers don’t try to hide their tracks and often assume that website owners won’t find them.”
Two scenarios led to these infections, Kasturi stated. The first is cross-plugin infection, in which case a specific plugin developer can’t do much. The second is infection through the exploitation of existing plugin vulnerabilities. This can be fixed by plugin developers scanning for vulnerabilities before making their plugins available for public use.
Malicious WordPress plugins are a serious problem. These plugins are often used to infect other WordPress sites and servers. If you have a WordPress site, it is important to take the appropriate actions to protect your site from these malicious plugins. According to Kasturi, owners can save their sites by getting rid of malicious plugins and installing malware-free versions. Moreover, they can take advantage of the YODA code, which is now available on GitHub.