CryptoPHP is a long-term threat making its presence known in a big way. It provides a backdoor into Joomla, WordPress and Drupal installations through themes and plugins, leaving your CMS installation open to further compromise and data loss. Thankfully the issue doesn’t affect all users; typically it affects only those who have used pirated themes and plugins that they found published for free on the internet. These downloads would normally have been a premium purchase; instead, the CryptoPHP actor is socially engineering website owners into installing ticking time bombs on their websites.
The CryptoPHP package is often hidden within an illegally sourced plugin or theme in a file titled “social.png”. The file poses a risk because it contains hidden PHP code designed to DoS, send mail, escalate privileges and share data.
Whilst the team at VentraIP are proactively scanning for this issue and working with our security detection vendors to find faster detection solutions, we recommend website owners conduct their own due diligence in managing their website. If you have ever downloaded a free theme or plugin which is normally a premium product (requiring purchase) and installed it on your website, we recommend you immediately uninstall it. Utilising pirated scripts may be putting your website, your business and your clients’ data at risk.
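One way to run that check yourself, as an added example that is not VentraIP's own tooling: the Python script below walks a CMS directory and flags any `.png` file that lacks the PNG file signature or contains a PHP opening tag, which is how a “social.png” carrying PHP code would show up. The function names are illustrative, and the check generalises from “social.png” to every `.png` under the given directory.

```python
import os
import sys

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # first 8 bytes of every valid PNG file
PHP_OPEN_TAG = b"<?php"


def inspect_png(path, max_bytes=2 * 1024 * 1024):
    """Return a list of reasons the file is suspicious (empty list = looks fine)."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    reasons = []
    if not data.startswith(PNG_SIGNATURE):
        reasons.append("missing PNG signature")
    # PHP accepts the open tag in any case, so compare case-insensitively.
    if PHP_OPEN_TAG in data.lower():
        reasons.append("contains PHP open tag")
    return reasons


def scan(root):
    """Walk root and return {path: reasons} for every suspicious *.png file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".png"):
                continue
            path = os.path.join(dirpath, name)
            try:
                reasons = inspect_png(path)
            except OSError as exc:
                reasons = [f"unreadable: {exc}"]
            if reasons and name.lower() == "social.png":
                reasons.append("filename matches the one named in this article")
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Assumption: the first argument is the website's document root.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reasons in sorted(scan(target).items()):
        print(f"{path}: {', '.join(reasons)}")
```

A hit is a reason to inspect the file and the theme or plugin that shipped it; a clean result does not prove the site is unaffected, since the file name is only the common case.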
If you’re interested to know more about CryptoPHP, see the White Paper.