Fake WordPress Functions Conceal assert() Backdoor

Fake WordPress Functions Conceal assert() Backdoor

A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.

Among 246 other lines, this very specific part stood out to me:

$config = wp_dbase_config_init(‘_as_sert’);

For those readers familiar with PHP functions commonly misused by hackers, you may have already spotted _as_sert as something suspicious.

Since it resembles the assert() function, let’s check the PHP definition of the function:

bool assert ( mixed $assertion [, string $description ] )
assert() will check the given assertion and take appropriate action if its result is FALSE.

Continue reading Fake WordPress Functions Conceal assert() Backdoor at Sucuri Blog.

Via Sucuri.net

Tags: , , ,