Skip to content
Email: info@itamindia.com
Login/Register
iTAM India - IT Asset Management
  • Home
  • About
    • About ITAM India
    • Teaching Faculty
    • ITAM India FAQs
    • Careers
    • Contact
  • Courses
    • Instructor Led Online
    • On-demand Courses
  • Certification
    • ITAM India Certifications
  • Resource
    • ITAM Glossary
    • Sys Admin Glossary
    • News
    • Blog
  • My Account
0

Currently Empty: ₹0.00

Continue shopping

iTAM India - IT Asset Management
  • Home
  • About
    • About ITAM India
    • Teaching Faculty
    • ITAM India FAQs
    • Careers
    • Contact
  • Courses
    • Instructor Led Online
    • On-demand Courses
  • Certification
    • ITAM India Certifications
  • Resource
    • ITAM Glossary
    • Sys Admin Glossary
    • News
    • Blog
  • My Account

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Home » Blog » Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
News

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

  • May 3, 2025
  • Com 0

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin.

The plugin, which goes by the name “WP-antymalwary-bot.php,” comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code.

“Pinging functionality that can report back to a command-and-control (C&C) server is also included, as is code that helps spread malware into other directories and inject malicious JavaScript responsible for serving ads,” Wordfence’s Marco Wotschka said in a report.

First discovered during a site cleanup effort in late January 2025, the malware has since been detected in the wild with new variants. Some of the other names used for the plugin are listed below –

  • addons.php
  • wpconsole.php
  • wp-performance-booster.php
  • scr.php

Once installed and activated, it provides threat actors administrator access to the dashboard and makes use of the REST API to facilitate remote code execution by injecting malicious PHP code into the site theme’s header file or clearing the caches of popular caching plugins.

 

This article was first written here in The Hacker News

Share on:
Sheshagiri Anegondi

Sheshagiri helps companies reduce Software License & Support costs through deployment optimization and risk management in software license compliance audits. His core skills are Software License Management, Enterprise Software Sales & Sales Management.

Oregon's Open Source Lab is short a quarter of a million bucks
Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations

News

  • Microsoft is opening Windows Update to third-party apps
  • Stargate UAE will be live in 2026
  • Adobe says: users must pay up or downgrade
  • Microsoft pulls MS365 Business Premium from nonprofits
  • What Is Big Tech Trying to Hide?
View All
License Compliance

Tags

Design Development Future licensing microsoft News Software
iTAM India - IT Asset Management

Empowering India with accredited education in SAM, HAM, ITOM, InfoSec and FinOps

Address: 408, Vashi Infotech Park, Sector 30A, Vashi, Navi Mumbai 400703
Email: info@itamindia.com

ITAM India

  • About ITAM India
  • Careers
  • Instructor Led Online Courses
  • On-Demand Courses
  • ITAM India Certified Credentials
  • OEM Credentials Practice Tests
  • FAQs

Learn

  • A listing of ITAM Skills
  • Network Monitoring
  • Hardware Asset Management
  • Software License Management
  • Software Asset Management
  • Information Security
  • CMDB
  • FinOps
  • IT Vendor Management

Contacts

Email Us
Icon-linkedin2 Icon-instagram Icon-twitter
Copyright 2025 ITAM India. All Rights Reserved.
iTAM India - IT Asset Management
Cancel Preloader