A number of WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions.
“The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server,” Wordfence security researcher Chloe Chamberland said in a Monday alert.
“In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website.”
The admin accounts have the usernames “Choices” and “PluginAuth,” with the account information exfiltrated to the IP address 94.156.79[.]8.
It is currently not known how the unknown attackers behind the campaign managed to compromise the plugins, but the earliest signs of the software supply chain attack date back to June 21, 2024.
The plugins in question are no longer available for download from the WordPress plugin directory pending ongoing review –
Users of the aforementioned plugins are advised to check their sites for suspicious administrator accounts and delete them, in addition to removing any malicious code.
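One way to carry out the administrator-account check, as an added example that is not from Wordfence or the original article: it audits the CSV produced by `wp user list --role=administrator --fields=user_login,user_email,user_registered --format=csv` against the usernames and date given above. The approved-administrator list and the sample rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Indicators as given in the article text above.
ROGUE_LOGINS = {"choices", "pluginauth"}
CAMPAIGN_START = datetime(2024, 6, 21)  # earliest reported sign of the attack

# Constructed sample of the WP-CLI CSV export (not real site data).
SAMPLE_CSV = """user_login,user_email,user_registered
siteowner,owner@example.com,2019-03-02 10:15:00
PluginAuth,pa@example.net,2024-06-22 03:41:17
newhire,newhire@example.com,2024-07-01 09:00:00
editor-admin,ed@example.com,2021-11-30 18:22:05
"""


def audit_admins(csv_text, known_admins):
    """Return (login, registered, reasons) for each administrator needing review.

    known_admins is the site owner's own list of approved administrator
    logins (an assumption of this example; WordPress keeps no such list).
    """
    known = {name.lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login.lower() in ROGUE_LOGINS:
            reasons.append("username named in the report")
        if login.lower() not in known:
            reasons.append("not on the approved administrator list")
            if registered >= CAMPAIGN_START:
                reasons.append("created on or after 2024-06-21")
        if reasons:
            findings.append((login, row["user_registered"], reasons))
    return findings


if __name__ == "__main__":
    approved = ["siteowner", "editor-admin", "newhire"]
    for login, registered, reasons in audit_admins(SAMPLE_CSV, approved):
        print(f"REVIEW {login} (registered {registered}): " + "; ".join(reasons))
```

An account flagged only as "not on the approved administrator list" predates the campaign and may simply be undocumented; confirm with the site owner before deleting it.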