Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Summary: Malicious hackers are exploiting the ‘mu-plugins’ directory in WordPress to conceal malware that standard security checks have difficulty detecting. Recently identified files, such as redirect.php and index.php, facilitate backdoor access, redirect users to harmful sites, and alter site content. The exploitation often stems from weaknesses such as weak credentials and poorly configured server permissions.

Affected: WordPress websites

Key points:

  • Malware is hidden in the mu-plugins directory, which loads automatically without activation.
  • Attackers use techniques like web shells and JavaScript injections to maintain control and monetize their attacks.
  • Infected sites may exhibit unusual behavior, with unexpected file changes or performance issues.
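
Because anything placed in mu-plugins runs without activation, one way to catch unexpected file changes there is to compare the directory against a known-good baseline. The following is an added example, not code from the original article: the function names, status labels, baseline format and the sample files (built in a temporary directory) are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def audit_mu_plugins(wp_root, baseline):
    """Compare wp-content/mu-plugins with a known-good baseline.

    baseline: {path relative to mu-plugins: expected SHA-256 hex digest}.
    Returns a sorted list of (status, relative_path) findings.
    """
    mu_dir = Path(wp_root) / "wp-content" / "mu-plugins"
    if not mu_dir.is_dir():
        return sorted(("missing", rel) for rel in baseline)
    findings, seen = [], set()
    for path in mu_dir.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(mu_dir).as_posix()
        seen.add(rel)
        # WordPress auto-loads only *.php files directly inside mu-plugins;
        # files in subdirectories run only if a top-level file includes them.
        autoloaded = path.parent == mu_dir and path.name.endswith(".php")
        if rel not in baseline:
            findings.append(("unexpected-autoloaded" if autoloaded else "unexpected", rel))
        elif hashlib.sha256(path.read_bytes()).hexdigest() != baseline[rel]:
            findings.append(("modified", rel))
    findings += [("missing", rel) for rel in baseline if rel not in seen]
    return sorted(findings)

def demo():
    """Audit a constructed mu-plugins tree (sample data, not real malware)."""
    known_good = b"<?php // constructed known-good loader\n"
    with tempfile.TemporaryDirectory() as root:
        mu = Path(root) / "wp-content" / "mu-plugins"
        (mu / "lib").mkdir(parents=True)
        (mu / "site-cache.php").write_bytes(known_good)
        (mu / "redirect.php").write_bytes(b"<?php // constructed unknown file\n")
        (mu / "lib" / "helper.php").write_bytes(b"<?php // constructed nested file\n")
        baseline = {
            "site-cache.php": hashlib.sha256(known_good).hexdigest(),
            "health.php": "0" * 64,  # expected by the baseline but absent on disk
        }
        return audit_mu_plugins(root, baseline)

if __name__ == "__main__":
    for status, rel in demo():
        print(f"{status:22} {rel}")
```

On a site that intentionally uses no must-use plugins, pass an empty baseline so every file found is reported.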

Source: https://www.securityweek.com/threat-actors-deploy-wordpress-malware-in-mu-plugins-directory/