silversurfer

Level 53
Verified
Trusted
Content Creator
Malware Hunter
Malicious plugins for WordPress websites are being used not just to maintain access on the compromised server but also to mine for cryptocurrency.

Researchers at website security company Sucuri noticed the number of malicious plugins increase over the past months. The components are clones of legitimate software, altered for nefarious purposes.

One of the plugins discovered by Sucuri to have a double purpose is a clone of "wpframework." It was found in September and attackers used it to "gain and maintain unauthorized access to the site environment," the researchers say.