silversurfer

A malicious WordPress plugin ironically called WP Security has been spotted in the wild encrypting blog posts and rendering the content unreadable. It’s capable of targeting individual posts — an unusual behavior, according to researchers.

According to analysis from Sucuri, the plugin obtains a list of all of the posts within the system and encrypts them with keys, using the AES-256-CBC method and the openssl_encrypt function. The posts are encrypted inside the database, but only the actual post content is encrypted — everything else is untouched. A log file is then generated with a list of the encrypted posts.

“This is the first time we’ve seen a plugin target specific blog posts on a website, but it’s possible that we’ll see this more often in the coming months,” Sucuri researcher Kasimir Konov said in a blog posting on Monday.
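A triage sketch for the behavior described above, added here as an example and not taken from the Sucuri analysis or the plugin: it flags post bodies that look like AES-CBC ciphertext so affected posts can be listed for restore from backup. It assumes the ciphertext is stored base64-encoded (the default output of `openssl_encrypt`; the article does not say how the plugin stores it), and the sample rows and helper names are constructed.

```python
import base64, binascii, hashlib, math, re
from collections import Counter

AES_BLOCK = 16  # AES-CBC output is always a whole number of 16-byte blocks
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def normalized_entropy(data: bytes) -> float:
    """Shannon entropy divided by the maximum possible for this length (0..1)."""
    total = len(data)
    bits = -sum(c / total * math.log2(c / total) for c in Counter(data).values())
    return bits / math.log2(min(total, 256))

def looks_encrypted(post_content: str, min_ratio: float = 0.8) -> bool:
    """Heuristic: the whole body is one base64 token of block-aligned, random-looking bytes."""
    body = post_content.strip()
    # Real posts contain spaces, punctuation or markup; a lone base64 token does not.
    if len(body) < 24 or not B64_TOKEN.fullmatch(body):
        return False
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(raw) % AES_BLOCK:
        return False  # not a whole number of AES blocks
    return normalized_entropy(raw) >= min_ratio

def triage(rows):
    """rows: iterable of (post_id, post_content); returns ids that look encrypted."""
    return [post_id for post_id, content in rows if looks_encrypted(content)]

def fake_ciphertext(n_blocks: int) -> str:
    """Constructed stand-in for ciphertext: hash output, block-aligned, base64-encoded."""
    stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))
    return base64.b64encode(stream[: n_blocks * AES_BLOCK]).decode()

# Constructed sample rows, not data from a real site.
SAMPLE_ROWS = [
    (1, "<p>Welcome to the blog. First post!</p>"),                       # normal markup
    (2, fake_ciphertext(4)),                                              # looks encrypted
    (3, base64.b64encode(b"A" * 32).decode()),                            # aligned, low entropy
    (4, base64.b64encode(hashlib.sha256(b"x").digest()[:20]).decode()),   # not block-aligned
]

if __name__ == "__main__":
    print("Posts that look encrypted:", triage(SAMPLE_ROWS))
```

On a real site the rows would come from the `ID` and `post_content` columns of the `wp_posts` table, ideally read from a database dump rather than the live site.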