Cunning WordPress malware disguises itself as regular code

Could be a rising trend, suggests security researcher


Cybersecurity experts have identified a novel approach to disguising WordPress security threats: rather than shipping recognisable malicious code, the sample assembles it on the fly from legitimate-looking code.

In a blog post, Ned Andonov, a WordPress security expert at Wordfence, shares details of the simple but effective obfuscation technique. Because the dangerous function names never appear literally in the file, the sample carries none of the patterns that signature-based scanners usually key on.

“The code abstraction looked almost perfect, each class method was well commented, the business logic looked reasonable, and the code was following the latest code quality standards,” writes Andonov.

In fact, Andonov admits that the malware-generating code was so well written that it would take a seasoned security analyst to notice anything suspicious about it.

Malware in code


Breaking down the code, Andonov says that while many of the methods look legitimate, the first thing that struck him as odd was the $indicies variable: an array of integer positions that, combined with a character pool, spells out function names one character at a time.

“This function is actually using a standard for loop to generate commonly used suspicious functions while evading detection and is the most obviously obfuscated portion of the code,” writes Andonov.

And that’s not all. The code also extracts compressed malware from inside a PNG image, so the payload itself never sits in a PHP file where a scanner would look for it.
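Both tricks described above (a function name assembled from an index list inside a loop, and a compressed payload carried inside a PNG) can be checked for with a small script. The following is an added example written for this article, not Wordfence's code or the malware sample it analysed: the PHP snippet it scans and the PNG it builds are constructed here, and the character pool, index values, regexes and function names are assumptions chosen for illustration.

```python
"""Heuristics for the two tricks described above: function names assembled
from an index list inside a loop, and a compressed payload appended to a PNG.
Constructed sample inputs are embedded so the script runs offline."""
import re
import struct
import zlib
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Constructed PHP sample (not the Wordfence sample): no dangerous function
# name appears literally; each is rebuilt from a pool string and index list.
SAMPLE_PHP = r'''<?php
class Helper {
    /** Build a string from a character pool using the supplied positions. */
    private function name($pool, $indicies) {
        $out = '';
        for ($i = 0; $i < count($indicies); $i++) {
            $out .= $pool[$indicies[$i]];
        }
        return $out;
    }
    public function run($blob) {
        $dec = $this->name('abcdefghijklmnopqrstuvwxyz0123456789_', array(1, 0, 18, 4, 32, 30, 36, 3, 4, 2, 14, 3, 4));
        $inf = $this->name('abcdefghijklmnopqrstuvwxyz0123456789_', array(6, 25, 20, 13, 2, 14, 12, 15, 17, 4, 18, 18));
        return $inf($dec($blob));
    }
}
'''

# $pool[$indicies[$i]]: one character picked per loop iteration
INDEXED_CHAR = re.compile(r"\$\w+\s*\[\s*\$\w+\s*\[\s*\$\w+\s*\]\s*\]")
# $fn(...): a variable function call, the usual sink for a rebuilt name
VAR_CALL = re.compile(r"\$\w+\s*\(")
# a string literal followed by an integer array literal, e.g. 'abc', array(1, 2)
POOL_AND_INDICES = re.compile(r"'([^']+)'\s*,\s*array\(\s*([\d\s,]+?)\s*\)")

# assumed watch-list of names worth flagging when they are rebuilt at runtime
SUSPICIOUS = {"eval", "assert", "system", "exec", "shell_exec", "passthru",
              "base64_decode", "gzinflate", "gzuncompress", "str_rot13",
              "file_put_contents", "create_function"}


def reconstruct_names(php: str) -> list:
    """Rebuild every name that a (pool, indices) literal pair would produce."""
    names = []
    for pool, idx in POOL_AND_INDICES.findall(php):
        indices = [int(n) for n in idx.split(",") if n.strip()]
        if indices and all(0 <= i < len(pool) for i in indices):
            names.append("".join(pool[i] for i in indices))
    return names


def scan_php(php: str) -> dict:
    """Report the loop-built-name pattern and any dangerous names it hides."""
    names = reconstruct_names(php)
    return {
        "indexed_chars": bool(INDEXED_CHAR.search(php)),
        "variable_call": bool(VAR_CALL.search(php)),
        "reconstructed": names,
        "suspicious": sorted(set(names) & SUSPICIOUS),
    }


def png_trailing_bytes(data: bytes) -> Optional[bytes]:
    """Walk the chunk list; return whatever follows IEND, or None if nothing does."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # header + chunk data + CRC
        if ctype == b"IEND":
            return data[pos:] or None
    return None  # truncated file: no IEND found


def extract_payload(data: bytes) -> Optional[bytes]:
    """Inflate data hidden after IEND; return it raw if it is not zlib."""
    trailing = png_trailing_bytes(data)
    if trailing is None:
        return None
    try:
        return zlib.decompress(trailing)
    except zlib.error:
        return trailing


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png(payload: Optional[bytes] = None) -> bytes:
    """Constructed 1x1 greyscale PNG, optionally with a zlib payload after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = (PNG_SIG + _chunk(b"IHDR", ihdr)
           + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
           + _chunk(b"IEND", b""))
    if payload is not None:
        png += zlib.compress(payload)
    return png


if __name__ == "__main__":
    print(scan_php(SAMPLE_PHP))
    stego = build_sample_png(b"<?php echo 'hidden'; ?>")
    print(extract_payload(stego))
```

The PHP scan is deliberately narrow: it only rebuilds names when both the pool and the index list are literals, which is exactly the case that makes the file look innocent to a string-matching scanner. Data after the IEND chunk is never rendered by image viewers, so anything found there deserves a look whether or not it inflates.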


Andonov judges the malware to be professionally written and says it contains “a collection of remote commands including code execution, updates, and files access.”

Turning to why the technique works on people as well as on scanners, he refers to the work of Nobel laureate psychologist Daniel Kahneman to conclude that a routine glance at the code would not alert an inexperienced analyst, who would have no reason to suspect that it deserves a closer look.

“Analysts would also do well to keep their System 2 mind engaged, as Kahneman would put it, when analyzing suspected malware,” concludes Andonov.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
