YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues.
The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology.
"The number of malicious plugins on websites has steadily increased over the years, and malicious activity peaked in March 2020. Shockingly, 94% of the malicious plugins installed over those 8 years are still active today."
The large-scale research entailed analyzing WordPress plugins installed in 410,122 unique web servers dating all the way back to 2012, finding that plugins that cost a total of $834,000 were infected post-deployment by threat actors.
Nulled plugins - WordPress plugins or themes that have been tampered with so that they download malicious code onto the server - accounted for 8,525 of the total malicious add-ons, with roughly 75% of the pirated plugins cheating developers out of $228,000 in revenues.
"Using YODA, website owners and hosting providers can identify malicious plugins on the web server; plugin developers and marketplaces can vet their plugins before distribution," the researchers pointed out.
News URL: https://thehackernews.com/2022/06/yoda-tool-found-47000-malicious.html