Astra security engineers often find fake plugins installed on hacked websites. One recent malware cleanup uncovered a fake version of the Super Socializer plugin for WordPress. This fake plugin triggered fake and malicious ads on the website. The plugin goes by the name “Super Socialat”, which is clearly a play on the name Super Socializer.

We will discuss the details (location, code, etc.) of Super Socialat in a minute. First, a little background on the original plugin, Super Socializer. Super Socializer is a plugin that helps websites with easy social logins and social sharing. At the time of writing this, it has 60,000+ active installations.

 

Technical Details: Fake Super Socializer Plugin

Moving on to the details. The Super Socialat plugin appears as follows in your plugins list.

The files listed inside the plugin are:

Our security researcher found that the fake plugin was skillfully hidden in wp-content/plugins/super-socialat/super_socialat.php

On closer examination, they found the following malicious code injected in the website:

What You Can Do?

If you have also seen fake ads/ico files on your site, this is what you can do.

Check Your Plugins List

Start with a manual check of your plugins. Make sure there are no plugins by the name “Super Socialat” installed on your website. If you do find the plugin, remove it instantly.
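The manual check above can be backed by a scan of the plugins directory on disk. The following is an added example, not Astra's code: it compares each directory under wp-content/plugins against an allowlist of plugins you expect and flags near-matches such as super-socialat. The allowlist, the similarity cutoff and the sample tree are assumptions constructed for the demo.

```python
import difflib
import re
import tempfile
from pathlib import Path

# WordPress takes a plugin's display name from a "Plugin Name:" header comment.
HEADER = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.I | re.M)

def declared_name(plugin_dir):
    """First 'Plugin Name:' header found in the directory's top-level PHP files."""
    for php in sorted(plugin_dir.glob("*.php")):
        match = HEADER.search(php.read_text(errors="replace")[:8192])
        if match:
            return match.group(1)
    return None

def audit(plugins_dir, expected, cutoff=0.7):
    """Report every plugin directory that is not on the expected allowlist.

    A directory whose slug closely resembles an allowlisted slug is called out
    as a lookalike, since a fake plugin may imitate a legitimate plugin's name.
    """
    findings = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if not entry.is_dir() or entry.name in expected:
            continue
        near = difflib.get_close_matches(entry.name, expected, n=1, cutoff=cutoff)
        verdict = f"lookalike of {near[0]}" if near else "not on allowlist"
        findings.append((entry.name, declared_name(entry), verdict))
    return findings

def build_sample(root):
    """Constructed plugins tree for the demo; file contents are placeholders."""
    sample = {
        "super-socializer/super_socializer.php": "Super Socializer",
        "super-socialat/super_socialat.php": "Super Socialat",
        "akismet/akismet.php": "Akismet",
        "my-custom-tool/tool.php": "My Custom Tool",
    }
    for rel, name in sample.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True)
        path.write_text(f"<?php\n/*\nPlugin Name: {name}\n*/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(build_sample(tmp), ["super-socializer", "akismet"]):
            print(finding)
```

On a real site, point `audit` at the site's wp-content/plugins directory and pass the slugs of the plugins you installed yourself.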

Check Fake User Accounts

We have also seen many fake accounts being created in these cases. Hackers usually devise a way to prolong their access to hacked sites. Creating fake user accounts is one such way.

To check for this, review the user accounts on your website. Reviewing the wp_users table in your database can help you identify fake accounts and remove them.

I want to especially mention here that just removing the fake plugin is not a solid solution. Understand that the hacker was able to insert this plugin due to some vulnerability. Hence, you need to do a proper malware cleanup of your WordPress site.

You can also refer to the step-by-step WordPress malware removal guide.

Being Careful is the Key to Safety

All WordPress users are advised to double-check plugins before installing them. If your website has been behaving strangely as well, raise a malware cleanup request from here. Our security experts will clean the infection in just about 4-6 hours.

If you are not sure about the infection, check online for free.

If you are not hacked, do not risk an attack by being lax in securing your website. The simplest way you can do that is by installing a trusted plugin that does all that for you. The WP Hardening plugin by Astra automates security audits and fixes for you. You can now secure more than 12 crucial aspects of your website with a click.

If you want your website to be hardened to these hacks and more, install WP Hardening from here for free.

Have any concerns about your website? Comment below or contact us; we promise to reply 🙂


About The Author

Ananda Krishna

Ananda Krishna is the co-founder & CTO of Astra Security, a SaaS suite that secures businesses from cyber threats. He has been acknowledged by the Indian Navy, Microsoft, United Airlines, etc. for finding critical security vulnerabilities in their systems. Winner of the Best Security Product at Global Conference on Cyberspace 2017 (awarded by Narendra Modi, Prime Minister of India) & French Tech Ticket, Paris (awarded by François Hollande, former President of France). At Astra he's building an intelligent security ecosystem - web application firewall (WAF), malware detection & analysis, large scale SaaS applications, APIs & more. He's actively involved in the cyber security community and shared his knowledge at various forums & invited talks.

2 Comments

  1. 1st: thanx Haman=Human for the prompt responding on the chat!
    2nd: thank you for your work at all … this article already helped me a lot
    I am recently facing the “Socialat” attack … if this helps, the attack went probably via old Adminer I left in root, not secured…
    I will definitely study your product(s) and will suggest it as a solution to my management!
    Keep uP!
    Pavel, The Blanik Knight
