Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
Summary
Attackers have tampered with legitimate JavaScript files in popular WordPress plugins such as PushEngage, OptinMonster, and TrustPulse, introducing hidden backdoors. When a site administrator is logged in, the compromised code creates a backdoor admin account and installs a hidden plugin, giving the attackers persistent access.
IFF Assessment
This is bad news for defenders: it is a sophisticated supply chain attack that compromises trusted plugins and creates persistent backdoors on websites.
Defender Context
This incident highlights the risk of supply chain attacks targeting popular plugins, emphasizing the need for robust code integrity checks and prompt patching. Defenders should be vigilant about unexpected changes in plugin behavior or the appearance of unauthorized administrative accounts.
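The checks named above can be combined into one audit, shown here as an added example that is not code from the affected plugins or the original report: it compares plugin JavaScript against a trusted hash baseline, flags plugin directories missing from the site's inventory, and flags administrator accounts that are not on an approved list. The function names, directory layout, account names and allowlists are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_baseline(plugins_dir):
    """Map each plugin script's relative path to its SHA-256 digest."""
    root = Path(plugins_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.js"))
    }


def audit(plugins_dir, baseline, known_plugins, admins, approved_admins):
    """Return (kind, item) findings for the three indicators in the brief."""
    root = Path(plugins_dir)
    current = build_baseline(root)
    findings = []
    # 1. Tampered or unexpected plugin JavaScript.
    for rel, digest in current.items():
        if rel not in baseline:
            findings.append(("new_script", rel))
        elif baseline[rel] != digest:
            findings.append(("modified_script", rel))
    for rel in sorted(baseline.keys() - current.keys()):
        findings.append(("missing_script", rel))
    # 2. Plugin directories on disk that the inventory does not list.
    for name in sorted(p.name for p in root.iterdir() if p.is_dir()):
        if name not in known_plugins:
            findings.append(("unknown_plugin_dir", name))
    # 3. Administrator accounts nobody approved.
    for user in sorted(set(admins) - set(approved_admins)):
        findings.append(("unapproved_admin", user))
    return findings


def demo():
    """Run the audit over a constructed plugin tree (all names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        script = root / "example-plugin" / "js" / "app.js"
        script.parent.mkdir(parents=True)
        script.write_text("console.log('ok');\n")
        baseline = build_baseline(root)  # taken while the tree is trusted
        script.write_text("console.log('ok');\n/* changed after baseline */\n")
        (root / "unlisted-plugin").mkdir()
        return audit(root, baseline, {"example-plugin"},
                     ["alice", "svc_new"], {"alice"})
```

On a real site the administrator list can be fed from `wp user list --role=administrator --field=user_login`, and the baseline should be stored off the web server so a compromised site cannot rewrite it.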