Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
01 May 2025
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin.
The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code.
"Pinging functionality that can report back to a command-and-control (C&C) server