Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013.

The incident came to light through an investigation by researchers at Fox-IT in the Netherlands, who discovered it after noticing a compromised Joomla plug-in on a customer

The link for this article located at ThreatPost is no longer available.