Supply chain attack used legitimate WordPress add-ons to backdoor sites

by
Dan Goodin
from Ars Technica - All content on (#5V9E7)
digital-1s-and-0s-800x450.jpeg

Enlarge (credit: Getty Images)

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on quite a few" sites running the open source content management system.

The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from JetPack, the maker of security software owned by Automatic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

Unknowingly providing access to the attacker

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean.

Read 7 remaining paragraphs | Comments

index?i=baqpAjcaVRo:wlN945L3SWo:V_sGLiPB index?i=baqpAjcaVRo:wlN945L3SWo:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments