
Thousands of WordPress Sites Infected with Malware Containing Four Distinct Backdoors
Thousands of WordPress sites have been infected with malware that includes four distinct backdoors. This unique type of attack exploits unmonitored third-party dependencies in users' browsers. The four backdoors allow attackers to maintain multiple entry points in case one is detected and removed. The functions of the backdoors include installing a fake plugin named "Ultra SEO Processor" to execute commands, injecting malicious JavaScript into wp-config.php, adding an attacker-controlled SSH key for persistent remote access, and executing remote commands via gsocket[.]io to open a reverse shell.
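A host triage for the four persistence mechanisms listed above, as an added example that is not code from the article or from any vendor report. The function names, the matching heuristics and the allowlist of approved key blobs are assumptions of this example; only the plugin name, `wp-config.php`, the SSH key and the gsocket reference come from the article.

```python
import re
import sys
from pathlib import Path

# Indicators taken from the article; the matching rules are this example's assumptions.
PLUGIN_HEADER = re.compile(rb"Plugin Name:\s*Ultra SEO Processor", re.I)
SCRIPT_TAG = re.compile(rb"<script\b", re.I)   # wp-config.php should be PHP only
GSOCKET = re.compile(rb"gsocket", re.I)
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
MAX_SCAN_BYTES = 2_000_000                      # skip large media files

def unapproved_keys(authorized_keys_text, approved_blobs):
    """Return (type, comment) for keys whose base64 blob is not on the allowlist."""
    found = []
    for line in authorized_keys_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the type token first.
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_TYPES):
                if tokens[i + 1] not in approved_blobs:
                    found.append((tok, " ".join(tokens[i + 2:])))
                break
    return found

def triage(wp_root, authorized_keys_text="", approved_blobs=frozenset()):
    """Return (indicator, detail) pairs for the four persistence mechanisms."""
    root, findings = Path(wp_root), []
    # 1. Fake plugin: WordPress reads the plugin header from the first 8 KB.
    for php in sorted(root.glob("wp-content/plugins/**/*.php")):
        if PLUGIN_HEADER.search(php.read_bytes()[:8192]):
            findings.append(("fake-plugin", php.relative_to(root).as_posix()))
    # 2. JavaScript injected into wp-config.php.
    cfg = root / "wp-config.php"
    if cfg.is_file() and SCRIPT_TAG.search(cfg.read_bytes()):
        findings.append(("wp-config-script", "wp-config.php"))
    # 3. Any file under the web root that references gsocket.
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        if f.stat().st_size <= MAX_SCAN_BYTES and GSOCKET.search(f.read_bytes()):
            findings.append(("gsocket-reference", f.relative_to(root).as_posix()))
    # 4. SSH keys that are not on the administrator's allowlist.
    for ktype, comment in unapproved_keys(authorized_keys_text, approved_blobs):
        findings.append(("unapproved-ssh-key", f"{ktype} {comment}".strip()))
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    keys = Path(sys.argv[2]).read_text() if len(sys.argv) > 2 else ""
    for indicator, detail in triage(sys.argv[1], keys):
        print(indicator, detail)
```

Because the four mechanisms are independent, a hit on any one of them is a reason to check the other three before declaring the site clean.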