Some WordPress plugins contain functions to secretly gain access to servers and install crypto mining malware. Website security company Sucuri states that these plugins are often clones of popular plugins, with added functionality that allows the plugin to change server permissions. It’s unknown how many websites have been infected with this type of malware.
The threat of these types of hacks is serious. Approximately 61.5 percent of all websites have been built on WordPress, according to W3Techs. Joomla and Drupal are far behind, with market shares of 4.8 and 3.1 percent.
When the plugin is installed, it runs an executable. It creates a fake ‘wpframework’, which gives attackers unauthorized access to the website’s servers. From then on the attacker can run code on the server, including mining software. The name of this mining malware is ‘Multios.Coinminer.Miner-6781728-2’. It operates silently in the background and keeps mining even when the website owner removes the plugin from the website.
Because of the way this hack works, hackers could also use the servers for things other than mining crypto. Think, for example, of mail spamming or DDoS attacks. Webmasters will need to do server-side security scans and install a capable firewall on their server to prevent these types of attacks.
The researchers at Sucuri identified at least one version of the WordPress crypto mining malware. It’s a copy of UpdraftPlus v1.16.16. The original version simplifies backups and restorations. They discovered the malware for the first time in September 2019.
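One form a server-side scan for cloned plugins can take, shown as an added example that is not code from Sucuri or from the original article: hash every file of an installed plugin and compare it with a trusted copy of the same release. The function names and the sample directory contents are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_plugin(installed_dir, reference_dir):
    """Diff an installed plugin against a trusted copy of the same release."""
    installed, reference = hash_tree(installed_dir), hash_tree(reference_dir)
    return {
        "added": sorted(set(installed) - set(reference)),
        "missing": sorted(set(reference) - set(installed)),
        "modified": sorted(f for f in installed.keys() & reference.keys()
                           if installed[f] != reference[f]),
    }


def demo():
    """Constructed sample: a clean plugin tree and a clone with extra code."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference"), Path(tmp, "installed")
        for base in (ref, inst):
            (base / "includes").mkdir(parents=True)
            (base / "backup.php").write_text("<?php // backup logic\n")
            (base / "includes" / "util.php").write_text("<?php // helpers\n")
            (base / "readme.txt").write_text("Sample plugin\n")
        # Clone differs: one file changed, one file added, one removed.
        (inst / "backup.php").write_text("<?php // backup logic + extra\n")
        (inst / "includes" / "loader.php").write_text("<?php // not upstream\n")
        (inst / "readme.txt").unlink()
        return compare_plugin(inst, ref)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Any file reported as added or modified needs review before the plugin stays on the server. Because the miner described above keeps running after the plugin is removed, a clean file comparison does not by itself show that the server is clean.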
Coinminer getting more traction
Coinminer has been around for some time now. This program generates bitcoin, monero, ethereum or other cryptocurrencies. Website owners can install the service on their website as a way to generate some extra income. However, Coinminer is far more popular as malware. Using the computing power of thousands of unwitting computer users to mine cryptocurrencies is one of the biggest upcoming threats in cyber security. This is often called cryptojacking, as the attacker hijacks computing power to mine cryptocurrencies.
Last year there was an increase of 4467% in crypto-mining malware. McAfee Labs called crypto-mining malware one of the biggest stories of the year. In the first quarter of 2019 the number of ransomware attacks grew by 188 percent, while crypto mining grew by another 29 percent.
Also published on Medium.