January 2023 - WordPress Security Alert: Linux.Wifatch
**UPDATE - This Security Alert did not affect any of our client websites**
New WordPress Security Alert January 2023
Attention WordPress users: a new Linux-based malware has been discovered targeting your website. Dubbed "Linux.Wifatch," this malware has the ability to infiltrate your site and steal sensitive information. It is important to take immediate action to protect yourself and your website from this security threat.
To protect your website, make sure to keep your WordPress software and all plugins up-to-date. Additionally, use a strong password and limit the number of users with administrator access to your site.
If you suspect that your website has been compromised, perform a thorough scan and remove any malware found. It is also recommended to change all of your login credentials and monitor your site's activity closely.
Stay vigilant and take the necessary steps to ensure the safety of your website. Don't wait until it's too late to take action against this dangerous malware.
Targeted Plugins Include:
The targeted plugins and themes, with affected versions where given, are listed below:
- WP Live Chat Support
- Yuzo Related Posts (5.12.89)
- Yellow Pencil Visual CSS Style Editor (< 7.2.0)
- Easy WP SMTP (1.3.9)
- WP GDPR Compliance (1.4.2)
- Newspaper (CVE-2016-10972, 6.4 - 6.7.1)
- Thim Core
- Smart Google Code Inserter (discontinued as of January 28, 2022, < 3.5)
- Total Donations (<= 2.0.5)
- Post Custom Templates Lite (< 1.7)
- WP Quick Booking Manager
- Live Chat with Messenger Customer Chat by Zotabox (< 1.4.9)
- Blog Designer (< 1.8.12)
- WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233, 1.24.2)
- WP-Matomo Integration (WP-Piwik)
- ND Shortcodes (<= 5.8)
- WP Live Chat (8.0.27)
- Coming Soon Page and Maintenance Mode (<= 5.1.0)
- FV Flowplayer Video Player
- Coming Soon Page & Maintenance Mode
- Simple Fields
- Delucks SEO
- Poll, Survey, Form & Quiz Maker by OpinionStage
- Social Metrics Tracker
- WPeMatico RSS Feed Fetcher
- Rich Reviews
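To compare a site's installed plugins and themes against the list above, the following added example (not part of the original alert or of Doctor Web's report) parses the version notes exactly as they are written here and classifies a constructed inventory. It covers a subset of the entries, and reading a bare version number as "exactly that version" is an assumption.

```python
import re

# Subset of the alert's list, copied as written; the parenthesised note is the
# page's affected-version information. No note means no version was given.
AFFECTED = """\
Yuzo Related Posts (5.12.89)
Yellow Pencil Visual CSS Style Editor (< 7.2.0)
Newspaper (CVE-2016-10972, 6.4 - 6.7.1)
Smart Google Code Inserter (discontinued as of January 28, 2022, < 3.5)
Total Donations (<= 2.0.5)
Thim Core
"""
VER = r"\d+(?:\.\d+)+"  # dotted version; CVE ids and dates have no dots

def vtuple(v):  # '6.4' -> (6, 4, 0, 0), so 6.4 and 6.4.0 compare equal
    nums = [int(n) for n in re.findall(r"\d+", v)][:4]
    return tuple(nums + [0] * (4 - len(nums)))

def parse_rule(note):
    if m := re.search(rf"({VER})\s*-\s*({VER})", note):
        return ("range", vtuple(m[1]), vtuple(m[2]))
    if m := re.search(rf"(<=|<)\s*({VER})", note):
        return (m[1], vtuple(m[2]), None)
    if m := re.search(VER, note):  # assumption: bare version = exactly that version
        return ("==", vtuple(m[0]), None)
    return ("any", None, None)

RULES = {}
for line in AFFECTED.strip().splitlines():
    name, _, note = line.partition(" (")
    RULES[name.lower()] = parse_rule(note)

def check(title, version):
    kind, a, b = RULES.get(title.lower(), (None, None, None))
    if kind is None:
        return "not listed"
    if kind == "any":
        return "review"  # listed without a version: inspect manually
    v = vtuple(version)
    hit = {"range": lambda: a <= v <= b, "<": lambda: v < a,
           "<=": lambda: v <= a, "==": lambda: v == a}[kind]()
    return "affected" if hit else "outside listed versions"

# Constructed inventory (title, installed version); the last entry is hypothetical.
INVENTORY = [("Yuzo Related Posts", "5.12.89"), ("Newspaper", "6.5"),
             ("Yellow Pencil Visual CSS Style Editor", "7.5.0"),
             ("Thim Core", "1.0.0"), ("Example Gallery", "2.1")]
for title, ver in INVENTORY:
    print(f"{title} {ver}: {check(title, ver)}")
```

A result of "outside listed versions" only means the installed version does not match the note in this alert; entries marked "review" appear on the list with no version information and need a manual look.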
Two variants of a new malware targeting WordPress websites have been identified, both of which reportedly include a method for brute-forcing administrator accounts. It is unclear if this feature is a remnant from an earlier version or a yet-to-be-activated capability. If activated in newer versions of the malware, cybercriminals could potentially gain access to websites that have patched vulnerabilities.
To protect against this threat, WordPress users are advised to keep all components of the platform, including third-party add-ons and themes, up-to-date. Additionally, using strong and unique logins and passwords is recommended to secure accounts.
(Story has been updated with information from Doctor Web regarding the affected version numbers of plugins and themes.)