This whole thing is more than a little bit concerning.

Sharing for any of my friends who use Wordpress and its plugin marketplace.

https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/

Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into

Anchor Hosting

@britt “And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time.”

Clever

@britt Thanks for the heads up. I don't use WP but know lots of people that do.
@britt I always hated those commercial 3rd party plugins. I never trusted them. This was one reason to switch from Wordpress to Hugo.
@britt I'm really surprised this isn't being talked about more. We saw an alert in WP Admin last week and quickly patched our sites, but this is the first mention I've seen of this in the wild.
@raineyday Thanks. These scammers always find a way. I just use a limited amount of plugins and have none of those. Most are from the WordPress parent company.

@paul @raineyday right! Don't use random plugins. It's crazy to read that they paid/wasted 6 figures on 30 plugins.

Also WP should push a "Breached" banner to each site through code/svn update instead of just deleting the author access.

@britt I probably shouldn't be surprised that the market for fraud is so lucrative that buying an entire company to turn it into an engine for backdooring websites is a potentially profitable move.
@britt I stopped using WordPress this year because of how many people try to hack it everyday.

@britt From the perspective of capitalist walled-garden plugin repositories, this is everything working as intended.

You're *supposed* to be able to monetize people's trust in you by selling that to malicious parties, duh.

🤬

@britt There are so many things they could do to make this kind of operation less lucrative, less effective, more risky, etc. and it's very telling that they won't.
@britt these goddamn diffusion-generated blog images are so bad grrr
@britt this is wild. One of the many reasons I have moved away from wordpress. Would rather have a sharp and lean site than a cluster of unholy plugins bogging everything down and creating tons of vulnerabilities.

@britt @clew

dang. what a mess...

this explains why I keep seeing requests for php-admin.php and comments-posts.php in my logs.

Fortunately (for me) mine is a static website.

@britt This particular exploit is a problem in virtually everything too. It has happened, for example, in Apple and Android apps. Someone buys something previously verified, then slips bad things in and everyone gets an update that is now bad.

30 plugins though. Wow... That's a lot...

Z (@[email protected])

every browser extension author gets emails like this every day. know that about every single one you've installed.

jorts.horse

Thank you, we have several Wordpress sites between us but it looks like we’d never installed any of the Essential plugins.

Guess they were non-essential for small timers like us.

@britt, thanks for posting this. I have 3 domains, and found I had the countdown plug-in on one. I got the admin notice too, so now I need to scrub that domain… Sigh. I could see evidence that something weird was going on in the analytics, as there was a page showing that I didn't create, and that couldn't be visited.
@britt Thanks for the heads up. Now if only the advice didn't include Claude Code.