January 2023 - WordPress Security Alert: Linux.Wifatch


**UPDATE - This Security Alert did not affect any of our client websites**

New WordPress Security Alert January 2023

Attention WordPress users: a new Linux-based malware has been discovered targeting your website. Dubbed "Linux.Wifatch," this malware has the ability to infiltrate your site and steal sensitive information. It is important to take immediate action to protect yourself and your website from this security threat.

To protect your website, make sure to keep your WordPress software and all plugins up-to-date. Additionally, use a strong password and limit the number of users with administrator access to your site.

If you suspect that your website has been compromised, perform a thorough scan and remove any malware found. It is also recommended to change all of your login credentials and monitor your site's activity closely.

Stay vigilant and take the necessary steps to ensure the safety of your website. Don't wait until it's too late to take action against this dangerous malware.

 

Targeted Plugins Include:

The targeted plugins and themes, and their affected versions, are listed below:

  • WP Live Chat Support
  • Yuzo Related Posts (5.12.89)
  • Yellow Pencil Visual CSS Style Editor (< 7.2.0)
  • Easy WP SMTP (1.3.9)
  • WP GDPR Compliance (1.4.2)
  • Newspaper (CVE-2016-10972, 6.4 - 6.7.1)
  • Thim Core
  • Smart Google Code Inserter (discontinued as of January 28, 2022, < 3.5)
  • Total Donations (<= 2.0.5)
  • Post Custom Templates Lite (< 1.7)
  • WP Quick Booking Manager
  • Live Chat with Messenger Customer Chat by Zotabox (< 1.4.9)
  • Blog Designer (< 1.8.12)
  • WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233, 1.24.2)
  • WP-Matomo Integration (WP-Piwik)
  • ND Shortcodes (<= 5.8)
  • WP Live Chat (8.0.27)
  • Coming Soon Page and Maintenance Mode (<= 5.1.0)
  • Hybrid
  • Brizy
  • FV Flowplayer Video Player
  • WooCommerce
  • Coming Soon Page & Maintenance Mode
  • Onetone
  • Simple Fields
  • Delucks SEO
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher, and
  • Rich Reviews
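
The following Python, added here as an example and not taken from the alert or its sources, checks a plugin inventory against a subset of the list above and handles each version notation the list uses (`<`, `<=`, a range, a bare version, or no version). The inventory format (`title` and `version` fields, such as an export from WP-CLI's `wp plugin list` could supply), the sample data, and the reading of a bare version as an exact match are assumptions.

```python
import re

# Subset of the alert's list, copied as written: display name -> version spec.
# An empty spec means the alert names no version, so any version is flagged.
AFFECTED = {
    "Yellow Pencil Visual CSS Style Editor": "< 7.2.0",
    "Easy WP SMTP": "1.3.9",
    "Newspaper": "6.4 - 6.7.1",
    "Total Donations": "<= 2.0.5",
    "Blog Designer": "< 1.8.12",
    "Thim Core": "",
}

def vkey(version, width=4):
    """'1.8.12' -> (1, 8, 12, 0): numeric and zero-padded, so 6.4 equals 6.4.0."""
    parts = [int(n) for n in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(installed, spec):
    """Test one installed version against a spec in the alert's notation."""
    spec, v = spec.strip(), vkey(installed)
    if not spec:
        return True
    if " - " in spec:  # inclusive range such as "6.4 - 6.7.1"
        low, high = spec.split(" - ")
        return vkey(low) <= v <= vkey(high)
    m = re.fullmatch(r"(<=|<)?\s*([\d.]+)", spec)
    if m is None:
        raise ValueError(f"unrecognised version spec: {spec!r}")
    op, bound = m.group(1), vkey(m.group(2))
    if op == "<=":
        return v <= bound
    if op == "<":
        return v < bound
    return v == bound  # assumption: a bare version means exactly that version

def audit(inventory):
    """Return (title, version) for each installed item the list covers."""
    return [(p["title"], p["version"]) for p in inventory if p["title"] in AFFECTED
            and is_affected(p["version"], AFFECTED[p["title"]])]

# Constructed sample inventory (not real site data); field names are assumed.
SAMPLE = [
    {"title": "Easy WP SMTP", "version": "1.3.9"},
    {"title": "Blog Designer", "version": "1.8.9"},   # 1.8.9 < 1.8.12 numerically
    {"title": "Newspaper", "version": "6.7.2"},       # just above the range
    {"title": "Thim Core", "version": "2.0.1"},
    {"title": "Example Gallery", "version": "1.0"},   # not on the list
]
```

Versions are compared numerically rather than as text, so 1.8.9 is correctly treated as older than 1.8.12.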

 

Two variants of a new malware targeting WordPress websites have been identified, both of which reportedly include a method for brute-forcing administrator accounts. It is unclear if this feature is a remnant from an earlier version or a yet-to-be-activated capability. If activated in newer versions of the malware, cybercriminals could potentially gain access to websites that have patched vulnerabilities.

To protect against this threat, WordPress users are advised to keep all components of the platform, including third-party add-ons and themes, up-to-date. Additionally, using strong and unique logins and passwords is recommended to secure accounts.

This disclosure comes on the heels of another botnet called GoTrim, which also targets self-hosted WordPress websites. Additionally, in the past two months, over 15,000 WordPress sites were breached as part of a malicious campaign to redirect visitors to fake Q&A portals, with the number of active infections currently standing at 9,314. A traffic direction system known as Parrot has also been observed targeting WordPress sites with rogue JavaScript that drops additional malware.

(Story has been updated with information from Doctor Web regarding the affected version numbers of plugins and themes.)
