{"id":177179,"date":"2023-01-04T21:59:08","date_gmt":"2023-01-04T21:59:08","guid":{"rendered":"https:\/\/harchi90.com\/hundreds-of-wordpress-sites-infected-by-recently-discovered-backdoor\/"},"modified":"2023-01-04T21:59:08","modified_gmt":"2023-01-04T21:59:08","slug":"hundreds-of-wordpress-sites-infected-by-recently-discovered-backdoor","status":"publish","type":"post","link":"https:\/\/harchi90.com\/hundreds-of-wordpress-sites-infected-by-recently-discovered-backdoor\/","title":{"rendered":"Hundreds of WordPress sites infected by recently discovered backdoor"},"content":{"rendered":"<div itemprop=\"articleBody\">\n<figure class=\"intro-image intro-left\">\n  <figcaption class=\"caption\"\/>  <\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\">\n<\/aside>\n<p><!-- cache hit 132:single\/related:10bc1f1c210141a186db9fc333f3d93f --><!-- empty --><\/p>\n<p>Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week.<\/p>\n<p>The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said.  It&#8217;s also able to disable event logging, go into standby mode, and shut itself down.  It gets installed by exploiting already-patched vulnerabilities in plugins that website owners use to add functionality like live chat or metrics-reporting to the core WordPress content management system.<\/p>\n<p>\u201cIf sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts,\u201d Dr.Web researchers wrote.  \u201cAs a result, when users click on any area of \u200b\u200ban attacked page, they are redirected to other sites.\u201d<\/p>\n<p>Searches such as this one indicate that more than 1,300 sites contain the JavaScript that powers the backdoor.  It&#8217;s possible that some of those sites have removed the malicious code since the last scan.  Still, it provides an indication of the reach of the malware.<\/p>\n<p>The plugins exploited include:<\/p>\n<ul>\n<li>WP Live Chat Support Plugin<\/li>\n<li>WordPress \u2013 Yuzo Related Posts<\/li>\n<li>Yellow Pencil Visual Theme Customizer Plugin<\/li>\n<li>easysmtp<\/li>\n<li>WP GDPR Compliance Plugin<\/li>\n<li>Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972)<\/li>\n<li>Thim Core<\/li>\n<li>Google Code Inserter<\/li>\n<li>Total Donations Plugin<\/li>\n<li>Post Custom Templates Lite<\/li>\n<li>WP Quick Booking Manager<\/li>\n<li>Facebook Live Chat by Zotabox<\/li>\n<li>Blog Designer WordPress Plugin<\/li>\n<li>WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233)<\/li>\n<li>WP-Matomo Integration (WP-Piwik)<\/li>\n<li>WordPress ND Shortcodes For Visual Composer<\/li>\n<li>WP Live Chat<\/li>\n<li>Coming Soon Page and Maintenance Mode<\/li>\n<li>hybrid<\/li>\n<li>Brizy WordPress Plugin<\/li>\n<li>FV Flowplayer Video Player<\/li>\n<li>WooCommerce<\/li>\n<li>WordPress Coming Soon Page<\/li>\n<li>WordPress theme OneTone<\/li>\n<li>Simple Fields WordPress Plugin<\/li>\n<li>WordPress Delucks SEO plugin<\/li>\n<li>Poll, Survey, Form &#038; Quiz Maker by OpinionStage<\/li>\n<li>Social Metrics Tracker<\/li>\n<li>WPeMatico RSS Feed Fetcher<\/li>\n<li>Rich Reviews plugin<\/li>\n<\/ul>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\">\n    <span class=\"ad_notice\">Advertisement <\/span>    <\/p>\n<\/aside>\n<p>\u201cIf one or more vulnerabilities are successfully exploited, the targeted page is injected with a malicious JavaScript that is downloaded from a remote server,\u201d the Dr.Web writeup explained.  \u201cWith that, the injection is done in such a way that when the infected page is loaded, this JavaScript will be initiated first\u2014regardless of the original contents of the page.  At this point, whenever users click anywhere on the infected page, they will be transferred to the website the attackers need users to go to.\u201d<\/p>\n<p>The JavaScript contains links to a variety of malicious domains, including:<\/p>\n<p>lobbydesires[.]com<br \/>letsmakeparty3[.]ga<br \/>deliverygoodstrategies[.]com<br \/>gabriellalovecats[.]com<br \/>css[.]digestcolect[.]com<br \/>clone[.]collectfasttracks[.]com<br \/>count[.]trackstatisticsss[.]com<\/p>\n<p>The screenshot below shows how the JavaScript appears in the page source of the infected site:<\/p>\n<figure class=\"image shortcode-img center full\" style=\"width:450px\"><img loading=\"lazy\" src=\"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/malicious-javascript.png?resize=450%2C226&#038;ssl=1\" width=\"450\" height=\"226\" data-recalc-dims=\"1\" \/><figcaption class=\"caption\">\n<p>Dr.Web<\/p>\n<\/figcaption><\/figure>\n<p>The researchers found two versions of the backdoor: Linux.BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2.  They said the malware may have been in use for three years.<\/p>\n<p>WordPress plugins have long been a common means for infecting sites.  While the security of the main application is fairly robust, many plugins are riddled with vulnerabilities that can lead to infection.  Criminals use infected sites to redirect visitors to sites used for phishing, ad fraud, and distributing malware.<\/p>\n<p>People running WordPress sites should ensure that they&#8217;re using the most current versions of the main software as well as any plugins.  They should prioritize updating any of the plugins listed above.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week. The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/hundreds-of-wordpress-sites-infected-by-recently-discovered-backdoor\/\"> <span class=\"screen-reader-text\">Hundreds of WordPress sites infected by recently discovered backdoor<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hundreds of WordPress sites infected by recently discovered backdoor - harchi90<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hundreds of WordPress sites infected by recently discovered backdoor - harchi90\" \/>\n<meta property=\"og:description\" content=\"Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week. The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web &hellip; Hundreds of WordPress sites infected by recently discovered backdoor Read More &raquo;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5\" \/>\n<meta property=\"og:site_name\" content=\"harchi90\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-04T21:59:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/wordpress-760x380.jpg\" \/>\n<meta name=\"author\" content=\"islamlacoste58\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/wordpress-760x380.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"islamlacoste58\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/harchi90.com\/hundreds-of-wordpress-sites-infected-by-recently-discovered-backdoor\/\",\"url\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5\",\"name\":\"Hundreds of WordPress sites infected by recently discovered backdoor - harchi90\",\"isPartOf\":{\"@id\":\"https:\/\/harchi90.com\/#website\"},\"datePublished\":\"2023-01-04T21:59:08+00:00\",\"dateModified\":\"2023-01-04T21:59:08+00:00\",\"author\":{\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\"},\"breadcrumb\":{\"@id\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/harchi90.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hundreds of WordPress sites infected by recently discovered backdoor\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/harchi90.com\/#website\",\"url\":\"https:\/\/harchi90.com\/\",\"name\":\"harchi90\",\"description\":\"Just another WordPress site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/harchi90.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b\",\"name\":\"islamlacoste58\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/harchi90.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g\",\"caption\":\"islamlacoste58\"},\"sameAs\":[\"http:\/\/harchi90.com\"],\"url\":\"https:\/\/harchi90.com\/author\/islamlacoste58\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hundreds of WordPress sites infected by recently discovered backdoor - harchi90","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5","og_locale":"en_US","og_type":"article","og_title":"Hundreds of WordPress sites infected by recently discovered backdoor - harchi90","og_description":"Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week. The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web &hellip; Hundreds of WordPress sites infected by recently discovered backdoor Read More &raquo;","og_url":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5","og_site_name":"harchi90","article_published_time":"2023-01-04T21:59:08+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/wordpress-760x380.jpg"}],"author":"islamlacoste58","twitter_card":"summary_large_image","twitter_image":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/wordpress-760x380.jpg","twitter_misc":{"Written by":"islamlacoste58","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/harchi90.com\/hundreds-of-wordpress-sites-infected-by-recently-discovered-backdoor\/","url":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5","name":"Hundreds of WordPress sites infected by recently discovered backdoor - harchi90","isPartOf":{"@id":"https:\/\/harchi90.com\/#website"},"datePublished":"2023-01-04T21:59:08+00:00","dateModified":"2023-01-04T21:59:08+00:00","author":{"@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b"},"breadcrumb":{"@id":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/news.google.com\/__i\/rss\/rd\/articles\/CBMifGh0dHBzOi8vYXJzdGVjaG5pY2EuY29tL2luZm9ybWF0aW9uLXRlY2hub2xvZ3kvMjAyMy8wMS9odW5kcmVkcy1vZi13b3JkcHJlc3Mtc2l0ZXMtaW5mZWN0ZWQtYnktcmVjZW50bHktZGlzY292ZXJlZC1iYWNrZG9vci_SAYABaHR0cHM6Ly9hcnN0ZWNobmljYS5jb20vaW5mb3JtYXRpb24tdGVjaG5vbG9neS8yMDIzLzAxL2h1bmRyZWRzLW9mLXdvcmRwcmVzcy1zaXRlcy1pbmZlY3RlZC1ieS1yZWNlbnRseS1kaXNjb3ZlcmVkLWJhY2tkb29yL2FtcC8?oc=5#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/harchi90.com\/"},{"@type":"ListItem","position":2,"name":"Hundreds of WordPress sites infected by recently discovered backdoor"}]},{"@type":"WebSite","@id":"https:\/\/harchi90.com\/#website","url":"https:\/\/harchi90.com\/","name":"harchi90","description":"Just another WordPress site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/harchi90.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/harchi90.com\/#\/schema\/person\/0689156e87fbe869f0e5efdeef200d5b","name":"islamlacoste58","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/harchi90.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5bf7491076e3822b8e0de7b1f9364d75?s=96&d=mm&r=g","caption":"islamlacoste58"},"sameAs":["http:\/\/harchi90.com"],"url":"https:\/\/harchi90.com\/author\/islamlacoste58\/"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":156280,"url":"https:\/\/harchi90.com\/effective-fast-and-unrecoverable-wiper-malware-is-popping-up-everywhere\/","url_meta":{"origin":177179,"position":0},"title":"Effective, fast, and unrecoverable: Wiper malware is popping up everywhere","date":"December 13, 2022","format":false,"excerpt":"Getty Images Over the past year, a flurry of destructive wiper malware from no fewer than nine families has appeared. In the past week, researchers cataloged at least two more both exhibiting advanced codebases designed to inflict maximum damage. On Monday, researchers from Check Point Research published details of Azov,\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/12\/Azov-note-copy-640x906.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":88193,"url":"https:\/\/harchi90.com\/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years\/","url_meta":{"origin":177179,"position":1},"title":"No fix in sight for mile-wide loophole plaguing a key Windows defense for years","date":"October 5, 2022","format":false,"excerpt":"Getty Images Over the past 15 years, Microsoft has made huge progress fortifying the Windows kernel, the core of the OS that hackers must control to successfully take control of a computer. A cornerstone of that progress was the enactment of strict new restrictions on the loading of system drivers\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":83566,"url":"https:\/\/harchi90.com\/high-severity-microsoft-exchange-0-day-under-attack-threats-220000-servers\/","url_meta":{"origin":177179,"position":2},"title":"High-severity Microsoft Exchange 0-day under attack threats 220,000 servers","date":"October 1, 2022","format":false,"excerpt":"Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world. The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/09\/congorepat-640x410.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":83353,"url":"https:\/\/harchi90.com\/urgent-microsoft-exchange-double-zero-day-like-proxyshell-only-different-naked-security\/","url_meta":{"origin":177179,"position":3},"title":"URGENT!  Microsoft Exchange double zero-day \u2013 \u201clike ProxyShell, only different\u201d \u2013 Naked Security","date":"October 1, 2022","format":false,"excerpt":"Just when you hoped the week would quieten down and yield you some SecOps downtime over the weekend\u2026 \u2026and along comes a brand new zero-day hole in Microsoft Exchange! more precisely, two zero-days that can apparently be chained together, with the first bug used remotely to open enough of a\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":85083,"url":"https:\/\/harchi90.com\/spyware-found-hidden-in-microsoft-logo-using-stenography-the-register\/","url_meta":{"origin":177179,"position":4},"title":"Spyware found hidden in Microsoft logo using stenography \u2022 The Register","date":"October 2, 2022","format":false,"excerpt":"Internet sops have been caught concealing spyware in an old Windows logo in an attackno on in the Middle East. The Witchetty gang used steganography to stash backdoor Windows malware \u2013 dubbed Backdoor.Stegmap \u2013 in the bitmap image. \"Although rarely used by attackers, if successfully executed, steganography can be leveraged\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"windows","src":"https:\/\/i0.wp.com\/regmedia.co.uk\/2022\/09\/30\/windows_malware.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"fifu_image_url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/wordpress-760x380.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/177179"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=177179"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/177179\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=177179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=177179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=177179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}