Hiding from strangers
https://www.bleepingcomputer.com/news/security/hackers-backdoor-sites-by-hiding-fake-wordpress-plugins/
Malicious plugins that hide in plain sight and act as backdoors are used by attackers to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites.
For instance, some of these fake plugins with backdoor functionality — named initiatorseo or updrat123 by their creators — were seen cloning the functionality of the highly popular backup/restore WordPress plugin UpdraftPlus, with a current active number of over two million installations.
Hiding from strangers
Oct 18, 2019, 11:15pm UTC
https://www.bleepingcomputer.com/news/security/hackers-backdoor-sites-by-hiding-fake-wordpress-plugins/
> Malicious plugins that hide in plain sight and act as backdoors are used by attackers to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites.
> For instance, some of these fake plugins with backdoor functionality — named initiatorseo or updrat123 by their creators — were seen cloning the functionality of the highly popular backup/restore WordPress plugin UpdraftPlus, with a current active number of over two million installations.