Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

Last month, a customer contacted us, concerned about persistent and inexplicable redirects on their WordPress website. Our investigation quickly unearthed a sophisticated piece of malware deeply embedded within their site’s core files. This wasn’t just a simple redirect; it was a complex operation designed for search engine poisoning and unauthorized content injection.

What Did We Find?

Our initial analysis led us to the wp-settings.php file, a critical WordPress core component. We discovered two highly suspicious lines of code that immediately stood out:

This code snippet is the initial entry point for the malicious payload.

Via Sucuri.net
