Malware in woocommerce-add-ajax-admin-dev

  • captainswallow

    (@captainswallow)


    5 years, 4 months ago

    This alleged plugin was recently detected in one of the sites I manage “woocommerce-add-ajax-admin-dev” – I say “detected”, but only after a rogue admin account was somehow created and the site locked down and scanned (even though it’s regularily scanned with Sucuri, among other safety measures).
    This was NOT uploaded to the best of my knowledge, though the server claims it was uploaded in March of this year (of course).
    It does not appear to exist in the WP repository, nor anywhere else – neither does the alleged developer, “Grem Lucci”.

    Following is information from the file:
    * The plugin’s add functions to ajax help admin
    *
    * @since 2.4.2
    * @package WooCommAjaxHelp
    *
    * @waddtocarts-plugin
    * Plugin Name: WooCommerce to add ajax help
    * Description: All add to carts woocommerce
    * Version: 2.4.2
    * Author: Grem Lucci
    * License: GPL-2.0+
    * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
    * Text Domain: woocomm-ajax-help
    * Domain Path: /languages
    * WC tested up to: 4.0

Viewing 1 replies (of 1 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    5 years, 4 months ago

    Sadly this generally means you have been hacked and the malicious actor dropped a file/plugin that LOOKS like another one in your site 🙁 Since you’re already paying Sucuri, you may want to ask them to do a full scan of your whole site (esp the database). The odds are something on there is vulnerable.

    To explain this part:

    This was NOT uploaded to the best of my knowledge, though the server claims it was uploaded in March of this year (of course).

    So that means that Sucuri didn’t spot anything bad in the file at the time, and gives you a point in time as to when there WAS a vulnerability. But March was a million years ago so it’s not going to be super helpful here.

Viewing 1 replies (of 1 total)

The topic ‘Malware in woocommerce-add-ajax-admin-dev’ is closed to new replies.