Title: 🔥 Best-known WordPress malware (2024/2025)
Published: 2025-05-22
Link: https://fikresekhel.com/blog/malware/%f0%9f%94%a5-malwares-mais-conhecidos-em-wordpress-2024-2025/
Categories: cybersecurity, malware, wordpress

<h3 class="wp-block-heading">1. <strong>WP-VCD</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> Extremely widespread malware that plants backdoors in the themes' <code>functions.php</code>.</li>
<li>🚩 <strong>Action:</strong> Creates malicious users, injects SEO spam, and turns on redirects to fraud and pornography sites.</li>
<li>🔥 <strong>Persistence:</strong> Reinstates itself after removal if the cleanup is not done properly.</li>
<li>📂 <strong>Common location:</strong> <code>/wp-includes/</code>, <code>/wp-content/themes/</code>, <code>/wp-content/plugins/</code>.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">2. <strong>Balada Injector</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> A massive malware campaign active since 2017.</li>
<li>🚩 <strong>Action:</strong> Redirects to scam, fraud and tech-support-scam sites, and installs other malware.</li>
<li>🔗 <strong>Affects:</strong> WordPress, Joomla, Drupal and other CMSs.</li>
<li>🔥 <strong>Technique:</strong> Automated exploitation of known vulnerabilities in plugins and themes.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">3. <strong>Japanese SEO Spam (Black Hat SEO spam)</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> Injection of fake Japanese-language pages selling counterfeit products.</li>
<li>🚩 <strong>Action:</strong> Damages SEO; the pages show up as spam in search results.</li>
<li>🔥 <strong>Indicator:</strong> Google Search shows pages with Japanese characters under the affected domain.</li>
<li>📂 <strong>Common location:</strong> <code>wp-content/uploads/</code>, <code>wp-includes/</code>.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">4. <strong>NDSW/NDSX Malware Family</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> JavaScript injection into the header or footer.</li>
<li>🚩 <strong>Action:</strong> Loads external adware, phishing or malware scripts.</li>
<li>🔥 <strong>Signature:</strong> Usually begins with <code>var ndsw = ...</code>.</li>
<li>📜 <strong>Technique:</strong> Heavy JavaScript obfuscation.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">5. <strong>Fake Plugins</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> Fake plugins created with names that resemble legitimate ones.</li>
<li>🚩 <strong>Action:</strong> Backdoors, PHP shells, cryptocurrency miners or phishing.</li>
<li>📂 <strong>Location:</strong> <code>/wp-content/plugins/</code> (with names such as <code>wp-security</code>, <code>seo-tool</code>, <code>siteoptimizer</code>, etc.).</li>
<li>🔥 <strong>Tactic:</strong> Disable logging, disable updates and hide their presence.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">6. <strong>Mailer Spam Script</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> PHP scripts that turn WordPress into a bulk spam-sending server.</li>
<li>🚩 <strong>Action:</strong> Sends phishing, banking scams and general spam.</li>
<li>🔥 <strong>Location:</strong> <code>wp-content/uploads/</code>, or backdoors disguised as images or PDFs.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">7. <strong>WordFence Backdoor Variants</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> Unrelated to the Wordfence plugin, but uses similar names.</li>
<li>🚩 <strong>Action:</strong> Creates a remote backdoor and shell.</li>
<li>🔥 <strong>Technique:</strong> Obfuscated PHP that allows remote command execution, file upload, etc.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">8. <strong>WSO Shell / r57 / b374k (Generic PHP Shells)</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> General-purpose PHP webshells, widely used by attackers.</li>
<li>🚩 <strong>Action:</strong> Full control of the server (upload, download, command execution, backdoors).</li>
<li>📂 <strong>Location:</strong> Hidden as an image file, plugin or theme.</li>
<li>🔥 <strong>Signature:</strong> Often visible in <code>index.php</code>, <code>functions.php</code>, <code>404.php</code> or files such as <code>wp-config.php.back</code>.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">9. <strong>Cryptojacking Malware (Miners)</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> JavaScript injection that mines cryptocurrency (usually Monero) in visitors' browsers.</li>
<li>🚩 <strong>Action:</strong> Drives up CPU usage on the site's visitors.</li>
<li>🔥 <strong>Location:</strong> Usually in <code>header.php</code>, <code>footer.php</code> or remote JS files.</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h3 class="wp-block-heading">10. <strong>Redirect Malware (Malvertising)</strong></h3>

<ul class="wp-block-list">
<li>🦠 <strong>Description:</strong> Malware that redirects visitors to phishing, pornography, gambling or fraud sites.</li>
<li>🚩 <strong>Action:</strong> Triggers only for human visitors (bots and crawlers are bypassed).</li>
<li>🔥 <strong>Location:</strong> <code>header.php</code>, <code>functions.php</code>, or via the database (<code>wp_options</code> or <code>posts</code>).</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h2 class="wp-block-heading">🚩 <strong>Common malware locations in WordPress</strong></h2>

<ul class="wp-block-list">
<li><code>/wp-content/themes/</code></li>
<li><code>/wp-content/plugins/</code></li>
<li><code>/wp-content/uploads/</code></li>
<li><code>/wp-includes/</code></li>
<li>Database (<code>wp_options</code>, <code>wp_posts</code> containing JS payloads, iframes or base64)</li>
</ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<h2 class="wp-block-heading"><strong>Need analysis and removal</strong>?</h2>

<p>Contact us right now!</p>