Tuesday, December 5, 2023

PSA: Fake CVE-2023-45124 Phishing Scam Tricks Users Into Installing Backdoor Plugin

The reported phishing scam involving the fake CVE-2023-45124 targets WordPress users. This scam is executed through phishing emails that falsely claim to be from the WordPress team. These emails warn of a non-existent Remote Code Execution (RCE) vulnerability on the user's WordPress site, identified as CVE-2023-45124. However, it is important to note that CVE-2023-45124 is not a valid Common Vulnerabilities and Exposures (CVE) identifier.

Victims of this scam are prompted to download and install a "Patch" plugin, supposedly to fix this fabricated vulnerability. The link provided for downloading the plugin leads victims to a fake but convincing site. This deceptive strategy is designed to trick users into installing malware on their websites. The irony lies in the fact that the phishing message itself warns about data theft, while the actual intent of the scam is to introduce malware into the users' WordPress sites.

This sophisticated email campaign exploits fake WordPress security advisories, aiming to compromise website security. Security experts from Wordfence and PatchStack have intercepted and reported this malicious campaign, seeking to increase awareness among WordPress users about this specific threat.

IoC

DOMAIN

  • en-gb-wordpress.org

SHA256

  • ffd5b0344123a984d27c4aa624215fa6452c3849522803b2bc3a6ee0bcb23809

CVE

  • CVE-2023-45124
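
The following Python check is an added example, not code from the original post or from the vendors it cites. It flags WordPress-branded links that are not on wordpress.org and finds files whose SHA-256 matches the indicator above. The function names, the sample message and the host wordpress.org.example.net are constructed for illustration, and treating wordpress.org as the only official domain is an assumption.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

# Indicators copied from the IoC section of this post.
IOC_DOMAINS = {"en-gb-wordpress.org"}
IOC_SHA256 = {"ffd5b0344123a984d27c4aa624215fa6452c3849522803b2bc3a6ee0bcb23809"}
# Assumption: wordpress.org is the only domain treated as official here.
LEGIT_DOMAIN = "wordpress.org"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message body, not a captured phishing email.
SAMPLE_EMAIL = """\
Install the patch: https://en-gb-wordpress.org/
Mirror: http://wordpress.org.example.net/patch
Docs: https://wordpress.org/documentation/
"""

def classify_host(host):
    """Return 'legit', 'ioc', 'lookalike' or 'other' for a hostname."""
    host = host.lower().rstrip(".")
    # Match on a label boundary: a bare endswith("wordpress.org") would
    # wrongly accept en-gb-wordpress.org.
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legit"
    if any(host == d or host.endswith("." + d) for d in IOC_DOMAINS):
        return "ioc"
    # Brand string present, but not under the official domain.
    if "wordpress" in host:
        return "lookalike"
    return "other"

def suspicious_urls(text):
    """Return (url, verdict) for each IoC or lookalike URL found in text."""
    hits = []
    for url in URL_RE.findall(text):
        verdict = classify_host(urlsplit(url).hostname or "")
        if verdict in ("ioc", "lookalike"):
            hits.append((url, verdict))
    return hits

def files_matching_ioc(root):
    """Return files under root whose SHA-256 equals a listed indicator."""
    return [p for p in Path(root).rglob("*") if p.is_file()
            and hashlib.sha256(p.read_bytes()).hexdigest() in IOC_SHA256]

if __name__ == "__main__":
    print(suspicious_urls(SAMPLE_EMAIL))
```

Point `files_matching_ioc` at a site's `wp-content/plugins` directory or a downloads folder; an empty list only means no file matches this one hash, not that the site is clean.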

REFERENCES

  • https://www.bitdefender.com/blog/hotforsecurity/fake-wordpress-security-advisory-used-to-deploy-malware-and-backdoor/
  • https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
  • https://malware.news/t/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/76246
  • https://sensorstechforum.com/cve-2023-45124-fake-wordpress-advisory/
  • https://otx.alienvault.com/pulse/656f2ee901a8cdd523b08cb8

TAGS

wordpress, wordfence, phishing scam, backdoor plugin, terminal, twitter
