New Wpeeper Android malware hides behind hacked WordPress sites (Security News, April 2024)

A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
Wpeeper stands out for its novel use of compromised WordPress sites as relays for its actual command and control (C2) servers, which serves as an evasion mechanism.
Abusing WordPress as a C2

Wpeeper's novel C2 communication system is structured to leverage compromised WordPress sites and intermediate relay points, obscuring the location and identity of its actual C2 servers.
Wpeeper can update its C2 servers dynamically when it receives the related command, so if a WordPress site is cleaned, new relay points on different sites can be sent out to the botnet.
Using multiple compromised sites across different hosts and locations adds resilience to the C2 mechanism, making it hard to shut down the operation or even disrupt the data exchange on a single infected Android device.