Popular WordPress plugin opens backdoor, steals user credentials
Posted: Monday, 28 Mar 2016

"If you are one of the 10,000+ users of the Custom Content Type Manager
(CCTM) WordPress plugin, consider your site to be compromised and
proceed to clean your installation up, Sucuri Security researchers have
warned.

After finding “a very suspicious auto-update.php file inside
wp-content/plugins/custom-content-type-manager/” during the cleanup on an
infected WP site, the researchers have begun digging, and discovered that:

The file in question is a backdoor that can download additional files
from a third-party domain, and save them in the plugin directory

The CCTM plugin has been available for download from the official WP
Plugin Directory for around three years, but hasn’t been updated in the
last 10 months. But, some two weeks ago, a new developer (“wooranker”)
started adding “small tweeks by new owner” and “bug fixes”:"

Source

Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center