Malware spreading by hiding in WordPress themes and plugins

SINGAPORE - This bit of news is probably more for folks in the information technology departments or system administrators, but WordPress users should also be aware of the threat that is currently circulating, especially if you use themes and plugins.

The Singapore Computer Emergency Response Team (SingCERT) at the Infocomm Development Authority of Singapore issued an alert this morning about the CryptoPHP malware that is embedded in pirated versions of themes and plugins for WordPress, Joomla and Drupal.

SingCERT said that the malware integrates itself into the content management system (CMS) when the software is installed.

A report from Fox-IT, a cyber defence firm based in the Netherlands, said that operators of CryptoPHP currently abuses the backdoor for illegal search engine optimisation. SingCERT calls the action "the use of unethical techniques to boost the search ranking of a website or webpage".

The malware has been found to target WordPress, Joomla and Drupal, but Fox-IT's report said that the backdoor is "dynamic enough to become functional inside any CMS".

How to detect if a server has been infected and removal of the infection is probably the domain of IT folks, but users can do their part by not installing pirated plugins or themes.