Recently, Chinese malware (a backdoor) has been spreading through WordPress sites. This article explains the malware.
Characteristics of Malware
This malware functions as a backdoor: an unauthorized entrance that gives a hacker access to the site.
It displays a list of all files and folders on the server and allows editing of all files.
Its identifying features are strings such as:
$title = '删除文件'; → Delete a file
$title = '查看/编辑 代码'; → Edit a file
The malware probably originates from China, since it uses Chinese strings such as “删除文件”.
How to deal with Chinese file editing backdoors?
This malware can be detected with the [Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
Once detected, you can delete the entire file.
Also, because this malware can list and edit files, any file on the server (even outside the domain folders) may have been tampered with in some way via this backdoor.
We recommend that you scan all sites on your server with the aforementioned malware scanner and take the necessary security measures.
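As a complementary check, the following added example (not part of the original article or of the plug-in it mentions) searches a directory tree for the two title strings quoted above. It assumes the backdoor file may be saved either as UTF-8 or in a legacy Chinese encoding, so it matches the raw bytes of both; the sample files are constructed for the demonstration.

```python
import os
import tempfile

# Marker strings quoted on this page (titles from the backdoor's interface).
MARKERS = ("删除文件", "查看/编辑 代码")
# Assumption: the file may be saved as UTF-8 or in a legacy Chinese encoding
# (GB18030 yields the same bytes as GBK/GB2312 for these characters).
ENCODINGS = ("utf-8", "gb18030")
MAX_BYTES = 5 * 1024 * 1024  # skip very large files; adjust as needed

PATTERNS = {m.encode(e): (m, e) for m in MARKERS for e in ENCODINGS}

def scan_tree(root):
    """Return sorted (path, marker, encoding) hits for files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            for pattern, (marker, enc) in PATTERNS.items():
                if pattern in data:
                    hits.append((path, marker, enc))
    return sorted(hits)

def build_sample(root):
    """Constructed sample files (not real malware): two flagged, one clean."""
    samples = {
        "wp-content/uploads/a.php": "<?php $title = '删除文件'; ?>".encode("utf-8"),
        "wp-includes/b.php": "<?php $title = '查看/编辑 代码'; ?>".encode("gb18030"),
        "index.php": b"<?php require 'wp-blog-header.php'; ?>",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, marker, enc in scan_tree(tmp):
            print(f"{os.path.relpath(path, tmp)}: {marker!r} ({enc})")
```

To cover files outside the domain folders, point scan_tree at the account's top-level directory rather than a single site's document root. A hit only marks a file for manual review; legitimate Chinese-language software may contain the same strings.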