  • Cunning WordPress malware disguises itself as regular code

    aum

    • 436 views
    • 2 minutes

    Could be a rising trend, suggests security researcher

     

    Security researchers have identified a novel way of disguising WordPress malware: clean, legitimate-looking code that assembles the malicious payload on the fly rather than carrying it in plain sight.

     

    In a blog post, Ned Andonov, a WordPress security expert at Wordfence, shares details of a simple but effective obfuscation technique that, because the code reads like ordinary application code, carries none of the usual patterns that scanners look for.

     

    “The code abstraction looked almost perfect, each class method was well commented, the business logic looked reasonable, and the code was following the latest code quality standards,” writes Andonov.

     

    In fact, Andonov admits that the malware-generating code was so well-written that it would take a seasoned security analyst to notice anything suspicious about it.

     

    Malware in code


    Breaking down the code, Andonov says that while many of the methods look legitimate, the first thing that struck him as odd was the $indicies variable.

     

    “This function is actually using a standard for loop to generate commonly used suspicious functions while evading detection and is the most obviously obfuscated portion of the code,” writes Andonov.

     

    And that's not all: the code also extracts a compressed malware payload hidden inside a PNG image.
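    To make the two tricks concrete, here is an added example that is not code from the article or from Wordfence. It embeds a constructed PHP snippet in the style the article describes, where a neatly commented "resolver" method is really a for loop that picks characters out of an alphabet string by index to spell a function name, and where bytes read from a PNG are decompressed into a payload. A small Python scanner then reverses the index trick and flags the image-to-decompressor data flow. The class name, alphabet string, index values, file path and function lists are assumptions; the article does not give the real sample's exact mechanics.

```python
import re
from typing import List, Optional

# Constructed sample (not Wordfence's sample) of the obfuscation pattern:
# a tidy, commented class whose "resolve" method is a for loop that builds a
# function name from an index array, plus a payload pulled out of a PNG.
# Class name, alphabet, indices and path are assumptions for illustration.
SAMPLE_PHP = r'''<?php
/**
 * Resolves configuration keys from their compact index representation.
 */
class ConfigResolver
{
    private $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789_";

    /**
     * Build a key from an array of alphabet indices.
     */
    public function resolve(array $indicies)
    {
        $key = "";
        for ($i = 0; $i < count($indicies); $i++) {
            $key .= $this->alphabet[$indicies[$i]];
        }
        return $key;
    }
}

$resolver = new ConfigResolver();
$decoder = $resolver->resolve([1, 0, 18, 4, 32, 30, 36, 3, 4, 2, 14, 3, 4]);
$img = file_get_contents(__DIR__ . "/assets/logo.png");
$payload = gzuncompress(substr($img, 1024));
$decoder($payload);
'''

# Function names an analyst would not expect to see assembled at runtime.
SUSPICIOUS_FUNCTIONS = {
    "eval", "assert", "system", "exec", "shell_exec", "passthru", "popen",
    "proc_open", "base64_decode", "gzuncompress", "gzinflate", "gzdecode",
    "str_rot13", "create_function", "call_user_func", "file_put_contents",
}

# Double- or single-quoted PHP string literals (escapes are not needed here).
STRING_LITERAL = re.compile(r'"([^"\\]*)"|\'([^\'\\]*)\'')
# Array literals made purely of integers: [1, 0, 18] or array(1, 0, 18).
INT_ARRAY = re.compile(r'(?:\[|array\()\s*((?:\d+\s*,\s*)+\d+)\s*[\]\)]')
# A variable assigned from file_get_contents() of an image path.
IMAGE_READ = re.compile(
    r'\$(\w+)\s*=\s*file_get_contents\s*\([^;]*\.(?:png|jpe?g|gif)', re.I)
DECODERS = r'(?:gzuncompress|gzinflate|gzdecode|base64_decode)'


def decode_indices(alphabet: str, indices: List[int]) -> Optional[str]:
    """Rebuild the string an index loop would produce, or None if out of range."""
    if not indices or any(i >= len(alphabet) for i in indices):
        return None
    return "".join(alphabet[i] for i in indices)


def scan_php(source: str) -> List[str]:
    """Return human-readable findings for the two tricks in the sample."""
    findings: List[str] = []

    # 1. Long string literals are candidate alphabets; try every integer array
    #    against each of them and see whether a dangerous name falls out.
    alphabets = [a or b for a, b in STRING_LITERAL.findall(source) if len(a or b) >= 20]
    for m in INT_ARRAY.finditer(source):
        indices = [int(x) for x in m.group(1).split(",")]
        for alphabet in alphabets:
            name = decode_indices(alphabet, indices)
            if name in SUSPICIOUS_FUNCTIONS:
                findings.append(f"index array decodes to suspicious name '{name}'")

    # 2. Image bytes fed into a decompressor or decoder are a payload, not a picture.
    for m in IMAGE_READ.finditer(source):
        var = m.group(1)
        if re.search(DECODERS + r'\s*\([^;]*\$' + var + r'\b', source):
            findings.append(f"payload decoded from image data held in ${var}")
    return findings


if __name__ == "__main__":
    for finding in scan_php(SAMPLE_PHP):
        print("FINDING:", finding)
```

    Legitimate plugin code almost never spells out function names from integer arrays, so the decoded-name check has a low false-positive rate; the image check is looser (themes do read image files), so it only fires when the same variable reaches a decompression or decoding call.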

     

    Andonov opines that the malware is professionally written and contains “a collection of remote commands including code execution, updates, and files access.”

     

    Turning to the psychology of why the technique works, he draws on the work of Nobel laureate psychologist Daniel Kahneman to conclude that a routine glance at the code would not raise the suspicions of an inexperienced analyst, who would have no reason to think it deserves a closer look.

     

    “Analysts would also do well to keep their System 2 mind engaged, as Kahneman would put it, when analyzing suspected malware,” concludes Andonov.

     

    Source

