Badass Britt 1d ago

This whole thing is more than a little bit concerning.

Sharing for any of my friends who use Wordpress and its plugin marketplace.

https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/

Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into

Anchor Hosting
Show threadjonathankoren™

@britt “And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time.”

Clever

Apr 13 at 3:32pmWeb