Hackers Use Hidden WordPress Plugins to Secretly Run Malicious Code

Cybercriminals are increasingly abusing WordPress's mu-plugins (Must-Use Plugins) directory to stealthily execute harmful code on every page without being easily detected.

These plugins auto-load with each page view and don't appear in the regular admin plugin list, making them an ideal tool for attackers to maintain persistence.

Security firm Sucuri identified three common malicious payloads in these attacks: a fake update redirector, a webshell for full site control, and a spam injector.

The infections result in redirects to harmful sites, hidden backdoors, and spam content injection.

Signs of compromise include unexplained user redirections, odd plugin file names, and unusual spikes in server usage.

As threat actors increasingly target this directory, website admins are urged to monitor their sites closely for suspicious changes.
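One way to monitor for the suspicious changes mentioned above is to record a reviewed baseline of the mu-plugins directory and report any drift. This is an added example, not code from Sucuri or the article; it assumes the default `wp-content/mu-plugins` location, and the file names in the demo are constructed.

```python
import hashlib
import json
import sys
import tempfile
from pathlib import Path


def snapshot(mu_dir):
    """Map every file under the mu-plugins directory to its SHA-256 digest."""
    root = Path(mu_dir)
    if not root.is_dir():
        return {}  # no directory means nothing is auto-loaded from it
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Report files added, modified or removed since the reviewed baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed directory: one reviewed file, then an edit and a new file."""
    with tempfile.TemporaryDirectory() as tmp:
        mu = Path(tmp) / "wp-content" / "mu-plugins"
        mu.mkdir(parents=True)
        (mu / "site-helper.php").write_text("<?php // reviewed helper\n")
        baseline = snapshot(mu)
        (mu / "site-helper.php").write_text("<?php // edited after review\n")
        (mu / "unreviewed.php").write_text("<?php // never reviewed\n")
        return compare(baseline, snapshot(mu))


if __name__ == "__main__":
    # Usage: script.py <mu-plugins dir> <baseline.json>; no arguments runs the demo.
    if len(sys.argv) != 3:
        print(json.dumps(demo(), indent=2))
        sys.exit(0)
    current, store = snapshot(sys.argv[1]), Path(sys.argv[2])
    if not store.exists():
        store.write_text(json.dumps(current, indent=2))  # first run records the baseline
        sys.exit(0)
    drift = compare(json.loads(store.read_text()), current)
    print(json.dumps(drift, indent=2))
    sys.exit(1 if any(drift.values()) else 0)
```

Keep the baseline file outside the web root and unwritable by the web server account, so that whoever can write to the plugin directory cannot also rewrite the baseline. The non-zero exit status on drift lets a scheduled job raise an alert.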
