About 4,000 WordPress websites have been infected with malware that disguises itself as a search engine optimization plugin to attract unwary webmasters. The fake plugin is called WP-Base-SEO and is based on a legitimate SEO module. As a result, it is easily overlooked during security scans and appears to be a viable tool to a web team intent on boosting its traffic. The plugin creates a backdoor to the victimized site. According to the researchers, the attacker is likely scanning the Internet for WordPress sites with outdated plugins, particularly those running a plugin called RevSlider. The malware infects WordPress websites that have an out-of-date version of RevSlider installed.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street