blog image
blog image
November 26 2014

CryptoPHP - A hidden danger in your CMS?

PostedWednesday November 26th 2014

CryptoPHP is a long-term threat making it’s presence known in a big way; a threat which provides a backdoor into Joomla, WordPress and Drupal installations through themes and plugins, leaving your CMS installation open to further compromise and data loss. Thankfully the issue doesn’t affect all users, typically only those who have utilised published pirated themes and plugins which they have found free on the internet – these downloads would normally have been a premium purchase, instead the CryptoPHP actor is socially engineering website owners into installing ticking timebombs to their websites.

The CryptoPHP package is often hidden within an illegally sourced plugin or theme in a file titled “social.png”, but it poses a risk through it’s contents of hidden php code designed to DOS, mail, escalate privileges and share data.

Whilst the team at VentraIP are proactively scanning for this issue and working with our security detection vendors to find faster detection solutions, we recommend website owners conduct their own due diligence in managing their website. If you have ever downloaded a free theme or plugin which is normally a premium product (requiring purchase) and installed it to your website, we recommend you immediately uninstall it from your website.  Utilising pirated scripts may be putting your website, your business and your clients data at risk.

If you’re interested to know more about CryptoPHP, see the White Paper.

Share this article
Angelo is the co-CEO and one of VentraIP Australia's co-founders. His passion for the industry is only rivalled by his d...
Who are VentraIP Australia?
VentraIP Australia is the largest privately owned web host and domain name registrar in Australia, backed by a team of industry veterans and local technical professionals.
View website