
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

Via wordfence.com (original post)

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat Intelligence platform. We immediately notified the WordPress Plugins Team, and they removed the malicious content from the plugins and performed some automated actions to invalidate the passwords of the injected administrator accounts.

The injected malware was used to exfiltrate data, inject malicious administrative user accounts, and inject SEO spam as well as crypto miners and drainers into the footer of websites. Roughly 35,000 sites could have been affected by this supply chain attack, though it’s unclear how many actually updated to a vulnerable version.

At this point, the Wordfence Threat Intelligence team has released a series of malware signatures that can be used to detect the malicious code on any compromised site using either the Wordfence plugin or Wordfence CLI, the command-line security scanner. Wordfence Premium, Care and Response users received these malware signatures immediately, and Wordfence free users will receive them after a 30-day delay, on July 25th, 2024. All Wordfence users will be notified by the Wordfence plugin and Wordfence CLI if they are running a vulnerable version of one of the plugins, and they should update the plugins immediately where available.
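Because the malware described above injected administrator accounts, a site owner can also review the administrator list directly. The following is an added example, not code from Wordfence or the original post: it reads a CSV export in the shape produced by `wp user list --fields=ID,user_login,user_registered,roles --format=csv` and reports administrators missing from an approved list. The sample rows, the login names, the approved list and the exposure-window date are all constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample, shaped like the output of:
#   wp user list --fields=ID,user_login,user_registered,roles --format=csv
SAMPLE_EXPORT = """ID,user_login,user_registered,roles
1,siteowner,2019-03-02 10:15:00,administrator
7,editor_jane,2023-11-20 08:01:44,editor
12,newhire,2024-06-25 09:30:00,"author,administrator"
13,sample_injected,2024-06-23 02:14:07,administrator
"""


def suspect_admins(export_csv, window_start, approved):
    """Return (login, in_window) for administrators not on the approved list.

    window_start is an assumption supplied by the operator: the earliest
    time the site could have run an affected plugin version.
    in_window is True when the account was registered at or after it.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        # A user may hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",")}
        if "administrator" not in roles:
            continue
        login = row["user_login"]
        if login in approved:
            continue
        registered = datetime.strptime(
            row["user_registered"], "%Y-%m-%d %H:%M:%S"
        )
        findings.append((login, registered >= window_start))
    return findings


if __name__ == "__main__":
    window = datetime(2024, 6, 22)        # constructed exposure window
    approved = {"siteowner", "newhire"}   # constructed approved list
    for login, in_window in suspect_admins(SAMPLE_EXPORT, window, approved):
        note = "created inside exposure window" if in_window else "older account"
        print(f"review administrator '{login}': {note}")
```

An unapproved administrator created inside the window is the strongest signal, but older unapproved administrators still deserve review.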