BabaYaga, Self-Healing WordPress Malware

The team over at Wordfence have put together a study of a particular piece of WordPress malware. What makes the infection they’re calling BabaYaga interesting? This malware fights other infections for control of the site. This has been a little trend in the wider security field; interesting to see it’s come to WordPress.

To monopolize control of the compromised system, malware of this kind actually patches holes made by other infections. This makes sense: in the wild west, any co-infectant is likely to compromise your mission. And what is BabaYaga’s mission?

BabaYaga’s primary function is to generate spam content to be hosted on the victim’s site. These pages are loaded with keyword-heavy and meaningless word salad, designed to attract search engine traffic based on those keywords.

Sounds awesome. :p

The linked PDF white-paper goes into pretty thorough and impressive depth on how BabaYaga works. It’s not for the faint-of-heart, but it’s pretty cool.

