Fake UpdraftPlus Plugins

Fake UpdraftPlus Plugins

We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality.

Malicious Plugins Sourced from UpdraftPlus

Attackers have been using different names for these fake plugins, including initiatorseo or updrat123—but any title can be used.

While their code differs in terms of variable names, the malicious plugins do share a few things in common: they possess a similar structure and header comments from the popular backup/restore plugin UpdraftPlus.

Continue reading Fake UpdraftPlus Plugins at Sucuri Blog.

Via Sucuri.net

Tags: , ,