• This month we saw quite a lot of hacked WP websites having a malicious plugin named “Docs” (/wp-content/plugins/Docs) which was uploaded when hackers gained access to the dashboard:

    Plugin Name: Docs
    Plugin URI: https://wordpress.com
    Description: Welcome, the online manual for WordPress and a living repository for WordPress information and documentation.
    Version: 1.1.0
    Author: WordPress.com
    Author URI: https://wordpress.com
    License: GPLv2 or later

    Full raw + de-obfuscated code available here.

    The plugin connects to “wordpress-update.com” and downloads a lot of data (spamdexing).
    The domain was registered last June, and right now it is hosted by Hetzner.de (IP 136.243.243.205). Closing the website will have no effect at all: within one hour or less, it will be back online elsewhere.

    As this is a flagrant case of cybersquatting used for hacking purposes, can’t Automattic help to get rid of it at the registrar level?
    That would definitely solve the problem. Or at least for a while…because we noticed that it had an older sister ready to take over: wordpress-update.org (176.9.31.199), hosted by Hetzner too.
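A defensive check for the indicators given in the post above, as an added example that is not part of the original thread: it scans a plugins directory for the fake "Docs" header and for plain-text references to the two look-alike domains. The function names and the sample files are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

# Indicators quoted in the post above.
FAKE = {"plugin name": "docs", "author": "wordpress.com"}
DOMAINS = ("wordpress-update.com", "wordpress-update.org")
# WordPress reads plugin headers from the first 8 KiB of a plugin file.
HEADER_RE = re.compile(
    r"^(?:[ \t]*<\?php)?[ \t/*#@]*(Plugin Name|Author)[ \t]*:(.*)$", re.I | re.M)

def parse_header(text):
    """Return lower-cased 'plugin name' / 'author' header fields."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):
        fields.setdefault(key.lower(), value.strip().lower())
    return fields

def scan_plugins(plugins_dir):
    """Return {relative path: [reasons]} for PHP files matching the indicators."""
    root, findings = Path(plugins_dir), {}
    for php in sorted(root.rglob("*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")
        reasons = []
        header = parse_header(text)
        if all(header.get(k) == v for k, v in FAKE.items()):
            reasons.append("fake Docs plugin header")
        # Plain-text match only: obfuscated copies may hide the domain.
        reasons += [f"references {d}" for d in DOMAINS if d in text.lower()]
        if reasons:
            findings[php.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Scan a constructed plugins directory (sample files, not real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "Docs/docs.php": "<?php\n/*\nPlugin Name: Docs\nAuthor: WordPress.com\n*/\n",
            "hello/hello.php": "<?php\n/*\nPlugin Name: Hello\nAuthor: Someone\n*/\n",
            "cache/inc.php": "<?php $u = 'http://wordpress-update.org/x'; // constructed\n",
        }
        for rel, body in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return scan_plugins(tmp)

if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", "; ".join(reasons))
```

On a live site, call `scan_plugins()` with the path to `wp-content/plugins`; a header match on any file is a stronger signal than the domain match, since the post notes the plugin code is obfuscated.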

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Please don’t post these into Requests and Feedback. That section isn’t for that.

    *Checks link*

    Do you mind posting that info on a gist or pastebin.com? Frankly, there’s a lot of self-promotion on that link.

    Note: I’m not accusing you of ill will. But I’m sure you can understand my point.

    Thread Starter nintechnet

    (@nintechnet)

    https://pastebin.com/bXp1eVjN
    Right below and beside the two promotional ads

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Thank you for your understanding.

  • The topic ‘Fake "wordpress-update.com" website used to distribute malware.’ is closed to new replies.