Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it.
Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection.
Mysterious wp-config.php Inclusion
During the inspection of the WordPress configuration file wp-config.php, we detected the following line of code:
include_once $_SERVER[‘DOCUMENT_ROOT’].’/wp-content/plugins/wp-config-file-editor/vendor/xptrdev/WPPluginFramework/Include/Services/Queue/functions.php’;
So, should this code snippet be there or not?
Continue reading Unmasking Black Hat SEO for Dating Scams at Sucuri Blog.
Source: Sucuri
