“Since 2012 researchers in the Georgia Tech Cyber Forensics Innovation Laboratory have uncovered 47,337 malicious plugins across 24,931 unique WordPress websites through a web development tool they named YODA,” warns an announcement released Friday:
According to a newly released paper about the eight-year study, the researchers found that every compromised website in their dataset had two or more infected plugins.
The findings also indicated that 94% of those plugins are still actively infected.
“This is an under-explored space,” said Ph.D. student Ranjita Pai Kasturi, who was the lead researcher on the project. “Attackers do not try very hard to hide their tracks and often rightly assume that website owners will not find them.”
YODA is not only able to detect active malware in plugins, but it can also trace the malicious software back to its source. This allowed the researchers to determine that these malicious plugins were either sold on the