BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Fake WordPress Plugin Comes with Cryptocurrency Mining Function

Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency.

- Advertisement -

Researchers at website security company Sucuri noticed the number of malicious plugins increase over the past months. The components are clones of legitimate software, altered for nefarious purposes.

Normally, these fake plugins are used to give attackers access to the server even after the infection vector is removed. But they can include code for other purposes, too, such as encrypting content on a blog.

Double hedging

One of the plugins discovered by Sucuri to have a double purpose is a clone of “wpframework.” It was found in September and attackers used it to “gain and maintain unauthorized access to the site environment,” the researchers say.

It is unclear which plugin it impersonates, but one with this name exists in the WordPress public repository but its development seems to have stopped in 2011. Despite this, it still has more than 400 active installations.

- Advertisement -

Apart from scanning for functions that allow command execution at the server level and restricting this privilege to the botmaster, the plugin also carried code to run a Linux binary that mines for cryptocurrency.

When the researchers checked the referenced domain hosting the binary it was no longer active. However, the backdoor functionality of the component was still present.

The mining component was added to the Virus Total antivirus scanning platform on September 18 and is currently detected by 25 out of 56 engines.

Generating malicious plugins

Although Sucuri does not provide details about the reason for the increased frequency of malicious plugins, it is worth noting that creating them is far from being an effort.

Instead of creating a malicious WordPress plugin from scratch, attackers can modify the code of an existing one to include malicious components.

Additionally, automated tools exist that can generate a plugin with a name given by the attacker and lace it with an arbitrary payload, such as a reverse shell.

Furthermore, the web offers the necessary tutorial for low-skilled attackers to learn how to create these fake website components.

Sucuri advises webmasters to also check the additional site components when doing a malware cleanup since many times this procedure is limited to WordPress core files. Themes and plugins are often migrated without any prior scrutiny. This way, attackers maintain their grip on the new site through the backdoor planted in third-party extensions.

Source

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Crypto Bill Fails to Meet White House July 4 Deadline

The White House will miss its July 4 deadline for passing a cryptocurrency market...

Alphabet Undervalued Despite Record Growth, AI Push

Alphabet (GOOGL) stock is deemed undervalued despite record revenue and strong AI positioning, trading...

PamStealer Malware Targets MacOS Users, Steals Data

A new macOS malware, PamStealer, is actively targeting cryptocurrency users by stealing wallet data...

Bitcoin Rebound Above $61K Sparks Rally: What’s Next?

The cryptocurrency market is rebounding today, with Bitcoin trading above $61,000.The rally may be...

Wealthy Americans Flee to New Zealand Amid Property Price Slump

New Zealand property prices have hit a 3-year low, creating a buying opportunity.A reported...

Must Read

12 Hosting Providers To Buy VPS With Bitcoin: An Expert Guide for 2026

You need a VPS. You want to pay with Bitcoin. Simple enough, right?Not quite. The market for crypto VPS = VPS hosting that accepts...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading