A new and sophisticated malware attack is targeting WordPress websites by disguising itself as a security plugin. Discovered by Wordfence security experts, this threat uses convincing names and hidden functions to avoid detection while gaining persistent control over the infected websites.
Deceptive Plugin Hiding in Plain Sight
The malicious tool, named WP-antymalwary-bot.php, imitates legitimate plugins and is designed to remain hidden on the WordPress dashboard. Its capabilities include remotely executing code, reinfecting deleted files, and even sending signals to a command and control (C2) server hosted in Cyprus. The malware also injects malicious JavaScript into directories, displaying ads and spreading further.
Researchers believe the malware was developed using generative AI, enhancing its ability to appear legitimate and evade detection. This marks a shift in how attackers are using AI—not just for automation, but to increase the legitimacy and stealthiness of their tools.
Infection and Persistence Mechanisms
The malware was first discovered during a routine website cleanup when a modified wp-cron file automatically reactivated the plugin. Even after being deleted, the malware would regenerate itself using aliases like wpconsole.php or wp-performance-booster.php. Investigators suspect the initial breach occurred through leaked host credentials or FTP access.
Due to the lack of forensic logs, Wordfence has been unable to trace the exact method of the attack or identify the responsible attackers.
How to Protect Your WordPress Site
Site administrators should regularly audit their file systems, disable unnecessary cron jobs, and use a reliable security plugin with proactive monitoring capabilities. Additionally, it’s critical to change all FTP and hosting credentials immediately if any signs of a breach are detected.
Using AI to counter AI-powered threats may become the new norm, requiring administrators to stay updated and vigilant against emerging risks.
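The file-system audit recommended above can be sketched as follows. This is an added example, not code from Wordfence or from the original article: it looks for the three file names the article reports and compares wp-cron.php against a clean copy. The function names, the clean reference directory (assumed to be a pristine copy of the same WordPress release) and the demo tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File names reported in the article above; matched case-insensitively.
REPORTED_NAMES = {"wp-antymalwary-bot.php", "wpconsole.php", "wp-performance-booster.php"}


def sha256_of(path):
    """Return the SHA-256 hex digest of a (small) file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def audit_site(site_root, clean_root):
    """Return (suspect_files, cron_modified) for site_root.

    clean_root is assumed to hold a pristine copy of the same WordPress release.
    """
    site_root, clean_root = Path(site_root), Path(clean_root)
    suspects = sorted(
        p.relative_to(site_root).as_posix()
        for p in site_root.rglob("*")
        if p.is_file() and p.name.lower() in REPORTED_NAMES
    )
    live_cron = site_root / "wp-cron.php"
    # A missing wp-cron.php and one that differs from the clean copy both count as modified.
    cron_modified = (not live_cron.is_file()
                     or sha256_of(live_cron) != sha256_of(clean_root / "wp-cron.php"))
    return suspects, cron_modified


def build_demo_trees(base):
    """Build constructed clean and tampered trees made of harmless placeholder files."""
    clean, live = Path(base) / "clean", Path(base) / "live"
    plugin_dir = live / "wp-content" / "plugins" / "demo"
    clean.mkdir()
    plugin_dir.mkdir(parents=True)
    (clean / "wp-cron.php").write_text("<?php // constructed stock stand-in\n")
    (live / "wp-cron.php").write_text("<?php // constructed stand-in\n// extra line\n")
    (plugin_dir / "WP-antymalwary-bot.php").write_text("<?php // placeholder\n")
    (plugin_dir / "hello.php").write_text("<?php // placeholder\n")
    return live, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_site(*build_demo_trees(tmp)))
```

A name match only covers the aliases reported so far, so the wp-cron.php comparison is the more durable of the two checks; run the audit from the file system rather than the dashboard, where the plugin stays hidden.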