A malicious WordPress plugin generates advertising traffic for its unknown developers.

Malwarebytes researchers found several WordPress hosts websites that were infiltrated and infected with a malicious plugin that generates ad traffic. In a blog post outlining their results, it was reported that a “few dozen” WordPress websites were infiltrated. Moreover, whoever was behind the assault installed a backdoor dubbed “fuser-master”

Furthermore, the fuser-master is an impressive piece of craftsmanship. Whenever someone clicks on the unique URL, they are taken to the real blog, but with a popunder page. Moreover, that popunder, which was purchased from a separate page, will display multiple advertisements.

Human behavior imitation

The WordPress plugin will then replicate human behavior by briefly scrolling down the page before clicking on an ad. Furthermore, if the user scrolls, moves the mouse, or clicks anything, the plugin will pause, further concealing its presence.

In addition, the popunder page was reportedly alleged to renew itself on a regular basis, adding extra advertisements in the process. Also, if the visitor shuts the browser after seeing the popunder, all movement action is halted.

Furthermore, Malwarebytes discovered 50 blogs infected with fuser-master. The security service website researchers estimate that one of the sites had approximately 4 million visitors in January alone. They estimate an average visit time of nearly 25 minutes for one of the sites. Moreover, the writers of Fuser-master went to great lengths to conceal their identities. Aside from attempting to conceal itself, the plugin was unable to locate any references to it, its author, or a download site. Cybersecurity website researchers only discovered one reference of a WordPress theme detector on themesinfo.com.

At first glance, the majority of the blogs appear to be real. When a visitor inputs the precise URL and other data, however, the site is transformed into an ad fraud hub.

WordPress Website Security tips

here are some WordPress website plugin security tips:

1. Keep plugins updated: Most importantly you should maintain the security of your WordPress website is to keeping your plugins updated. New versions of plugins often contain security patches that address vulnerabilities.
2. Use only reputable plugins: Before installing a plugin, do your research to ensure that it is reputable and trustworthy. Look for reviews and ratings from other users, check the developer’s reputation, and make sure it’s been recently updated.
3. Remove unused plugins: Unused plugins can pose a security risk if they are not kept up to date. Be sure to remove any plugins that are no longer in use to reduce the risk of a security breach.
4. Use strong passwords: Ensure that all your plugins are protected by strong passwords. A strong password should be a combination of upper and lower-case letters, numbers, and special characters.
5. Limit access: Limit access to your website’s backend to only those who need it. This can be done by setting up different user roles with different levels of access.
6. Disable file editing: WordPress allows administrators to edit theme and plugin files from the WordPress backend. However, this can be a security risk if someone gains unauthorized access to the backend. To reduce this risk, disable file editing.
7. Monitor for vulnerabilities: Keep an eye on security advisories and vulnerability reports related to your plugins. You can use security plugins like Wordfence or Sucuri to monitor your website for security threats and vulnerabilities.

By following these tips, you can significantly reduce the risk of a security breach caused by plugins on your WordPress website.