Threat actors have discovered a new technique to insert malicious code into websites. They are currently utilizing Eval PHP, an abandoned WordPress plugin.
Mostly, website backdoors are programmed in PHP, the foundational language of the modern web. Most other popular CMS platforms, including Joomla, Magento, and WordPress (which make up over 40% of the web), are based on PHP.
PHP is a highly universal language so attackers can abuse it. Backdoors are one of the most widely used (and misused) by attackers.
Over the past few weeks, PHP code injections have been discovered. These attacks send a previously known payload that allows the attackers to execute code on the infected website remotely.
The ‘wp_posts’ table in the databases of the targeted websites is where the malicious code is introduced. As a result, it avoids standard website security procedures like file integrity monitoring, server-side scanning, etc., making it more difficult to detect.