This article explains a new type of malware called Core Stab (core-stab) or Task Controller (task-controller), which we often find on the websites of clients who request our malware removal services.
Rogue Plugin Core Stab
This malware is installed without authorization, either by exploiting a vulnerability in WordPress or by breaking the login password of the admin panel. It creates a malicious plugin folder with one of the following names in the wp-content/plugins folder of WordPress.
core-stab
task-controller
The folder contains the following files:
index.php
index.html
front/front.jpeg
If you open index.php, you will see the following code, which shows that front.jpeg is loaded.
/*
Plugin Name: Core Stab
Plugin URI: http://wordpress.org/#
Description: Official WordPress plugin
Author: WordPress
Version: 12.7.1
Author URI: http://wordpress.org/#
*/
@include('./front/front.jpeg');
@include('.
front.jpeg is not an image. When opened in a text editor, it turns out to contain malicious PHP code. This is the malware itself.
This type of malware is called a backdoor. It allows hackers to tamper with the site, embed unauthorized files, and retrieve information from the outside.
It sometimes appears in the admin panel as a plugin called Core Stab.
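The folder names and file layout described above can be checked for mechanically. The following Python scanner is an added example, not code from the original article or from any WordPress tool. The function names, the list of image extensions, and the 1 MB read limit are assumptions, and the sample tree it builds is constructed with an inert placeholder instead of the real payload.

```python
import re
import tempfile
from pathlib import Path

KNOWN_BAD_DIRS = {"core-stab", "task-controller"}   # folder names reported on this page
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico", ".webp"}   # assumed list
PHP_TAG = re.compile(rb"<\?php", re.I)
# include/require whose string argument ends in an image extension
IMG_INCLUDE = re.compile(
    rb"(include|require)(_once)?\s*\(?\s*['\"][^'\"]*\.(jpe?g|png|gif|ico|webp)['\"]", re.I)

def scan_plugins(plugins_dir):
    """Return sorted (reason, relative_path) findings under wp-content/plugins."""
    root = Path(plugins_dir)
    findings = set()
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_dir():
            if path.parent == root and path.name in KNOWN_BAD_DIRS:
                findings.add(("known-bad-folder", rel))
            continue
        with path.open("rb") as fh:
            head = fh.read(1_000_000)   # assumed limit; enough to catch a PHP tag
        ext = path.suffix.lower()
        if ext in IMAGE_EXTS and PHP_TAG.search(head):
            findings.add(("php-in-image", rel))        # "image" that is really PHP
        elif ext == ".php" and IMG_INCLUDE.search(head):
            findings.add(("php-includes-image", rel))  # loader like the index.php above
    return sorted(findings)

def build_constructed_sample(root):
    """Constructed tree: one plugin laid out as described on this page, one benign."""
    bad = Path(root) / "core-stab" / "front"
    bad.mkdir(parents=True)
    (bad.parent / "index.php").write_text(
        "<?php\n/* Plugin Name: Core Stab */\n@include('./front/front.jpeg');\n")
    (bad.parent / "index.html").write_text("")
    (bad / "front.jpeg").write_text("<?php /* inert placeholder, not the payload */ ?>")
    ok = Path(root) / "gallery"
    ok.mkdir()
    (ok / "gallery.php").write_text("<?php\n/* Plugin Name: Gallery */\n")
    (ok / "logo.jpeg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for reason, rel in scan_plugins(tmp):
            print(f"{reason:20} {rel}")
```

The two content checks do not depend on the folder name, so they also flag the same layout if the folder has been renamed.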
How to deal with malware
If a plugin with such a name and file structure is present on your WordPress site, it should be removed immediately.
If you are unable to remove it from the admin panel, use FTP software to connect to the server and delete the files manually.
Also, if this plugin is present, it is likely that there are other backdoors, that a plugin has a vulnerability, or that the administrator's password has been broken, so please perform a malware scan and then take security measures.
[Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
Reference
5 Free WordPress Security Measures