Researchers found malicious plugins on nearly 25,000 WordPress websites.
Researchers at the Georgia Institute of Technology discovered 47,337 malicious plugins on 24,931 unique WordPress websites. Each website used two or more infected plugins. 94 percent were actively engaged in malicious activity.
The researchers used a web development tool called YODA. The tool was able to track malicious code back to its source. The malware was typically sold publicly and distributed through piracy sites.
Hackers often injected the malware into websites through vulnerabilities in WordPress. This was especially the case for plugins added to WordPress. The researchers also discovered that some malicious plugins posed as legitimate plugins offered through legitimate marketplaces or trial versions on paid plugin sites.
The research further found that some WordPress plugins appeared to attack other plugins on servers with WordPress installations. The most common forms of abuse were cross-plugin infections and infections through existing vulnerabilities.
According to the researchers, WordPress admins should have their plugins analyzed and approved by development and security experts prior to deployment. In addition, the researchers advise users to scan all installed plugins and remove any plugin that shows signs of malware.