Fake WordPress site distributing 2.6.4 backdoored release


If you mistype WordPress.org as Wordpresz.org, you’ll land at a fake site distributing a 2.6.4 release that has been purposely backdoored to steal the contents of cookies from those who’ve installed it, potentially leading to the hijacking of their WordPress blogging platforms for malicious purposes. Not only was the fake domain registered several days ago, it also shares an IP (209.160.33.108) with a fake online pharmacy, livepills.com.

The backdoored pluggable.php file attempts to send the stolen data to wordpresz.org/tuk.php, which is still accepting cookies if the requests are properly formatted. The spoof is a nearly perfect combination of social engineering, typosquatting and the natural EstDomains connection as the domain registrar. It is only nearly perfect because they couldn’t duplicate the whole of WordPress.org, which could raise suspicion at the end user’s end.
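One way an administrator could check an installed copy for this kind of tampering is to list every hard-coded URL host in a PHP file and flag those that are not WordPress.org, marking near-misses such as wordpresz.org as look-alikes. This is an added example, not code from the original article or from WordPress; the trusted-domain list, the function names, the distance threshold and the sample file content are assumptions made for illustration.

```python
import re

# Registrable domains a stock core file is expected to reference (assumed list).
TRUSTED = {"wordpress.org"}
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def registrable(host):
    """Last two labels; a simplification that ignores multi-part TLDs such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def scan_php(source, max_distance=2):
    """Return (line_no, host, verdict) for every URL host outside TRUSTED."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        for host in URL_HOST.findall(line):
            host = host.lower().rstrip(".")
            dom = registrable(host)
            if dom in TRUSTED:
                continue
            # A small edit distance to a trusted name suggests typosquatting.
            d = min(edit_distance(dom, t) for t in TRUSTED)
            verdict = "lookalike" if d <= max_distance else "untrusted"
            findings.append((n, host, verdict))
    return findings

# Constructed sample content, not the real backdoored pluggable.php.
SAMPLE = '''<?php
// constructed sample for the scanner
$update = "http://api.wordpress.org/core/version-check/";
$report = "http://wordpresz.org/tuk.php";
$other  = "http://example.com/ping";
'''

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

A string scan like this only catches URLs written in clear text; comparing each core file against a copy downloaded from the genuine WordPress.org remains the stronger check.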


About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing technology consultancy and the design and development of desktop, web and mobile applications using various tools and software.