Uncovering a Stealthy WordPress Backdoor in mu-plugins
Recently, our team uncovered a particularly sneaky piece of malware tucked away in a place many WordPress users don’t even know exists: the mu-plugins folder. In fact, back in March, we saw a similar trend with hidden malware in this very directory, as detailed in our post Hidden Malware Strikes Again: MU-Plugins Under Attack. This current infection was designed to be quiet, persistent, and very hard to spot.
./wp-content/mu-plugins/wp-index.php
For those unfamiliar, mu-plugins stands for “must-use plugins.” These are special WordPress plugins that are automatically activated and cannot be deactivated from the WordPress admin panel.
Continue reading Uncovering a Stealthy WordPress Backdoor in mu-plugins at Sucuri Blog.
Read more: Uncovering a Stealthy WordPress Backdoor in mu-plugins