Researchers Uncover New Malware Campaign Targeting WordPress Sites

Cybersecurity researchers have unveiled a new campaign targeting WordPress sites, which disguises malware as a security plugin. The plugin, named "WP-antymalwary-bot.php," has several features to maintain access, hide from the admin dashboard, and execute remote code. Among its capabilities is a ping feature that can report to a command and control (C&C) server. This campaign allows attackers to gain remote administrative access to compromised sites.