WordPress Security Alert: Hacker posing as official sends warning about malicious patch links
Article Description:
Recently, security firm Wordfence disclosed that hackers posing as official WordPress representatives are sending malicious patch links to webmasters via phishing emails. The email claims that a website vulnerability (CVE-2023-45124) has been discovered and advises the webmaster to immediately use the link to fix it.
However, the links actually lead to phishing websites set up by the hackers themselves. If the victim clicks on a link without verifying the authenticity of the email, he or she is directed to a fake WordPress website called “en-gb-wordpress [...] org”.
According to the official press release, once a victim installs the so-called “phishing patch,” the malware adds a hidden malicious administrator account “wpsecuritypatch” to the backend of the website and transmits the website's URL and password back to the hacker's server. Next, the hacker implants a backdoor program “wpgate [.] zip” in the website to maintain control of the victim's website.
Security researchers found that in an effort to increase trust, the hackers posted multiple fake comments in the comments section of the phishing site and listed some of the programmers at WordPress security firm Automattic as developers.
In response to this security threat, webmasters are advised to treat any email or link that claims to come from WordPress officials with caution and to verify it before acting on it. In a similar situation, they should visit the official WordPress website directly for security advice, and strengthen their website's security configuration and monitoring to prevent similar malicious attacks.
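Because the “wpsecuritypatch” account is hidden from the site backend, one way to monitor for it is to audit administrator rows taken straight from the database; the following is an added example, not code from Wordfence or WordPress. The export column names, the approved-administrator list and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Indicator named in the article: the hidden administrator account.
IOC_LOGINS = {"wpsecuritypatch"}

# Constructed sample: wp_users rows joined to each user's wp_capabilities
# value from wp_usermeta (default "wp_" table prefix assumed).
SAMPLE_EXPORT = '''user_login,user_registered,capabilities
alice,2021-03-02 10:15:00,"a:1:{s:13:""administrator"";b:1;}"
bob,2022-07-19 08:00:00,"a:1:{s:6:""editor"";b:1;}"
wpsecuritypatch,2023-12-01 04:12:00,"a:1:{s:13:""administrator"";b:1;}"
carol,2023-11-30 23:50:00,"a:1:{s:13:""administrator"";b:1;}"
'''

# WordPress stores roles as a PHP-serialized array of role => true pairs.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def roles_of(serialized):
    """Return the enabled role names in a serialized wp_capabilities value."""
    return set(ROLE_RE.findall(serialized))


def audit_admins(export_csv, approved_admins):
    """Return (login, reason) findings for suspicious accounts."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip().lower()
        if login in IOC_LOGINS:
            # Flag the indicator whatever role it currently holds.
            findings.append((login, "account name used by the fake patch"))
        elif ("administrator" in roles_of(row["capabilities"])
              and login not in approved_admins):
            findings.append((login, "administrator not on approved list"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_EXPORT, {"alice"}):
        print(f"{login}: {reason}")
```
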