As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, out of which 3,685 plugins were sold on legitimate marketplaces, netting the attackers $41,500 in illegal revenues.
The findings come from a new tool called YODA that aims to detect rogue WordPress plugins and track down their origin, according to an 8-year-long study conducted by a group of researchers from the Georgia Institute of Technology.
“Attackers impersonated benign plugin authors and spread malware by distributing pirated plugins,” the researchers said in a new paper titled “Mistrust Plugins You…
More Info
