WordPress plugins found to contain crytomining exploit
Popular WordPress plugins have been used to disguise crytomining exploits, targeting the servers they run on. Once installed, the cryptominer runs in the background, using up precious server resources and channeling the funds back to the attacker.
The malicious plugins offer users the features of the popular plugins, but include a cryptocurrency miner binary file known as “Multios.Coinminer.Miner-6781728-2“. The WordPress plugin found to have been used for this purpose is UpdraftPlus, specifically the 1.16.16 version.
Apparently just removing the plugin will not stop the crytomining going on the background. Webmasters will have to perform regular server-side security scans and also make sure they have a good grip on access permissions. Sucuri, the company that identified this exploit, also recommends using the Sucuri Security WordPress plugin to improve your security.
Pokdepinion: Nothing is safe.