Sneaky Backdoor Disguised as WordPress Caching Plugin Seizes Control of Websites

Researchers from WordPress security firm Defiant unveiled a recently discovered
malware targeting WordPress websites, camouflaged as a legitimate caching
plugin.

The malevolent software was detected in July during a website cleanup operation.
This malware, essentially a backdoor, lets threat actors create an administrator
account, gaining complete control over the target website.

Clever Disguise
Analysts said the malware carries a “professional looking opening comment” to
mimic a legitimate ca