We recently discussed a particularly sneaky piece of malware that’s been disguising itself as fake plugin and targeting Joomla! users. While this phenomenon is not unique to the Joomla! content management system, SiteLock has discovered a recent trending fake plugin for WordPress, one of the world’s largest open source applications.
Fake plugins and extensions are a favorite, and particularly sneaky, way to inject malicious content into popular CMS platforms. Fake plugins disguise their malicious intent by mimicking the form and function of legitimate plugins. We will discuss a not-so-well-known fake Joomla! extension, what it does, and what you can do to protect your site from such attacks.