{"id":5747,"date":"2023-12-04T20:15:37","date_gmt":"2023-12-04T19:15:37","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5747"},"modified":"2023-12-04T20:15:37","modified_gmt":"2023-12-04T19:15:37","slug":"wordpress-phishing-prevara-iskoristava-laznu-ranjivost","status":"publish","type":"post","link":"http:\/\/sajberinfo.com\/en\/2023\/12\/04\/wordpress-phishing-prevara-iskoristava-laznu-ranjivost\/","title":{"rendered":"WordPress phishing scam exploits a fake vulnerability"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">A <em>WordPress<\/em> <em>phishing<\/em> scam uses a fake vulnerability to trick users into installing malicious software. The <a href=\"https:\/\/sajberinfo.com\/en\/2022\/01\/02\/phishing-meta-su-ljudi-ne-tehnologija\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>phishing<\/em> campaign<\/a> uses several variants of an email message that notifies users of an alleged security vulnerability on their <em>WordPress<\/em> website.<\/span><\/p>\n<div id=\"attachment_5752\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5752\" class=\"size-full wp-image-5752\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing.jpg\" alt=\"WordPress phishing scam\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing-12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing-80x80.jpg 
80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/12\/WordPress-phishing-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5752\" class=\"wp-caption-text\"><em>WordPress phishing scam exploits a fake vulnerability; Source: Bing Image Creator<\/em><\/p><\/div>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewbox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewbox=\"0 0 24 24\" version=\"1.2\" baseprofile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/04\/wordpress-phishing-prevara-iskoristava-laznu-ranjivost\/#WORDPRESS_PHISHING_KAMPANJA\" 
>WORDPRESS PHISHING CAMPAIGN<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/04\/wordpress-phishing-prevara-iskoristava-laznu-ranjivost\/#INFEKCIJA_WORDPRESS_STRANICE\" >INFECTION OF THE WORDPRESS SITE<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/04\/wordpress-phishing-prevara-iskoristava-laznu-ranjivost\/#ZAKLJUCAK\" >CONCLUSION<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"http:\/\/sajberinfo.com\/en\/2023\/12\/04\/wordpress-phishing-prevara-iskoristava-laznu-ranjivost\/#ZASTITA\" >PROTECTION<\/a><\/li><\/ul><\/nav><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"WORDPRESS_PHISHING_KAMPANJA\"><\/span><span style=\"font-size: 14pt;\"><strong><em>WORDPRESS PHISHING<\/em> CAMPAIGN<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The scam was spotted by <a href=\"https:\/\/www.wordfence.com\/blog\/2023\/12\/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin\/\" target=\"_blank\" rel=\"noopener\">security researchers from the <em>Wordfence Threat Intelligence Team<\/em><\/a> and arrives as an email warning users of a remote code execution vulnerability on their site with the identifier <em>CVE-2023-45124<\/em>, which is currently not a valid <em>CVE<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The goal of these messages is to get users to download a \u201c<em>patch<\/em>\u201d for a plugin and install it on their <em>WordPress<\/em> site. 
The plugin download link in the email redirects the user to a convincing-looking website from which this malicious update is downloaded.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"INFEKCIJA_WORDPRESS_STRANICE\"><\/span><span style=\"font-size: 14pt;\"><strong>INFECTION OF THE <em>WORDPRESS<\/em> SITE<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">When the user downloads this plugin and installs it on their <em>WordPress<\/em> website, the plugin is installed with the <em>slug<\/em> <em>wpress-security-wordpress<\/em> and adds a malicious user with administrator privileges named <em>wpsecuritypatch<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The site address and the <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">password<\/a> for the created user are then sent back to a <em>C2<\/em> domain controlled by the attacker. The malicious plugin also includes functionality that keeps this user hidden, and it additionally downloads a separate <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/backdoor\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>backdoor<\/em><\/a> that is placed in the website <em>root<\/em> under the name <em>wp-autoload.php<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The downloaded <em>backdoor<\/em> contains a file manager, an <em>SQL<\/em> client, a <em>PHP<\/em> console and a command-line terminal, and displays information about the server environment. 
This allows <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious actors<\/a> to maintain persistence through multiple forms of access, giving them full control over the <em>WordPress<\/em> site as well as the user account on the server.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><span style=\"font-size: 14pt;\"><strong>CONCLUSION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Users of the <em>WordPress<\/em> platform must keep in mind that, besides plugins that may be vulnerable, there are also outright malicious plugins. In this case the malicious plugin masquerades as a security update, while in reality it adds a malicious user with administrator privileges and installs a separate <em>backdoor<\/em>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">To protect themselves, users are advised to:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Be wary of suspicious emails and not follow any links in them, including <em>Unsubscribe<\/em> links, or install plugins recommended in an email.<\/span><\/li>\n
<li><span style=\"font-size: 14pt;\">Avoid unnecessary <em>WordPress<\/em> plugins and use only those they really need.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Before installing a <em>WordPress<\/em> plugin, carefully read its user reviews, because someone may already have noticed something suspicious.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Deactivate and remove plugins that are not in use.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Use <em>WordPress<\/em> plugins that scan websites for the presence of <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious software<\/a>. However, keep in mind that they are not fully reliable and that many new versions of <em>WordPress<\/em> malware can fool them.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">If the <em>WordPress<\/em> website behaves unusually and there is a suspicion that it is infected, consider contacting a security professional.<\/span><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>A WordPress phishing scam uses a fake vulnerability to trick users into installing malicious software. 
The phishing campaign uses several variants of an email message that notifies users of an alleged security vulnerability on their&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5752,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[175,61,604,259],"class_list":["post-5747","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-cve","tag-phishing","tag-plugins","tag-wordpress"],"_links":{"self":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5747"}],"version-history":[{"count":0,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5747\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5752"}],"wp:attachment":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5747"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}