The Attack It is very crucial to keep your WordPress admin area protected. A fake WordPress Plugin called WP-Base-SEO which is based on a legitimate SEO module has infected about 4,000 WordPress websites in the past two weeks.
This plugin intended to boost users traffic but what it actually did was create a backdoor to the victimized site. The cyber attacker is likely scanning the internet looking for outdated WordPress plugins, particularly those running a plugin called RevSlider, SiteLock said.
Lead security analyst at security firm SiteLock, that found the bogus plugin says, “They have stolen the code from an existing SEO plugin and tweaked it to appear as legitimate. That way, should a WordPress site owner poke around and look for suspicious activity, they might easily overlook it as a legitimate SEO plugin.”
After a closer examination of the fake WP-Base-SEO malware, it was revealed that its malicious intent was in the form of a base64 encoded PHP eval request, according to a technical blog. “Eval is a PHP function that executes arbitrary PHP code. It is commonly used for malicious purposes and php.net recommends against using it,” SiteLock