As part of Imunify360’s proactive malware research activities, we recently identified that a plugin named Adicionar Banco Inter ao WooCommerce from WordPress repository, which can be used to identify malware in web servers, indeed had active malware inside one of the plugin’s source files.

As part of Imunify360’s proactive malware research activities, we recently identified that a plugin named Malicious Checker from WordPress repository, which can be used to identify malware in web servers, indeed had active malware inside one of the plugin’s source files.

Web sites running WordPress are like catnip for hackers. Among the millions of WordPress users are many with weak login credentials, which are exploited to launch malware campaigns. 

Many such campaigns have been launched recently, and we at Imunify360 have discovered another one. We first detected it on 13 April, and since then we’ve seen it blocked by Imunify over 300,000 times. In the past month, this campaign has compromised thousands of unprotected WordPress-based web sites. 

Let’s analyze this new WordPress malware campaign to see what makes it dangerous to web sites running WordPress. 

Doorway pages are a great way to improve a website’s SEO ranking.

They’re also a great way to get your domain blocked by major search engines.

So why are they still prevalent? How do they work, and why should you care if your web server hosts them?

That’s what I’ll cover in this article.

Your web server's image processor could be malware hiding in plain sight.

I'm going to describe an interesting type of malware the Malware Intelligence Team recently uncovered during a recent research operation.

At the time of writing, there were 11,320 cases of it detected and neutralized on 265 websites across 183 servers.

It is a particularly ingenious and potentially destructive type of malware: it is designed to appear as a legitimate image processor, and can act as a backdoor to your web server.

An unlucky upshot of running your own website or online store is that, sooner or later, hackers will add it to their ‘juicy list of prey’. Once in their list, hackers will continuously scan and probe your site for weaknesses, trying to find a way to further their illicit goals.