11.Locks IsometricPattern Esm W900

Thirty security vulnerabilities in numerous outdated WordPress plugins and themes are being leveraged by a novel Linux malware to facilitate malicious JavaScript injections, reports BleepingComputer.

Both 32- and 64-bit Linux systems are being targeted by the new malware, which uses a set of successively running hardcoded exploits to compromise WordPress sites, according to a Dr. Web report. 

Outdated and vulnerable plugins and themes including WP Live Chat Support Plugin, Easysmtp, WordPress - Yuzo Related Posts, Thim Core, Google Code Inserter, WP Live Chat, and Hybrid would prompt the malware to retrieve a malicious JavaScript from its command-and-control server prior to script injection.

Attackers could then use the infected sites for phishing and malvertising campaigns, as well as malware distribution initiatives.