911 Hack Removal

Fake Super Socializer Plugin [Adds Fake ICO files and Triggers Fake Ads] in WordPress Websites

Updated on: March 29, 2020

Fake Super Socializer Plugin [Adds Fake ICO files and Triggers Fake Ads] in WordPress Websites

Astra security engineers often find fake plugins installed on hacked websites. One such recent malware cleanup uncovered a fake plugin of Super Socializer Plugin in WordPress. This fake plugin triggered fake & malicious ads on the website. The plugin goes by the name “Super Socialat“, which clearly is a play on the name Super Socializer.

We will discuss the details (location, codes, etc) of Super Socialat in a minute. First, let me give you a little background of the original plugin- Super Socializer. Super Socializer is a plugin that helps websites with easy social logins and social sharing. At the time of writing this, it has 60,000+ active installations.

Technical Details: Fake Super Socializer Plugin

Moving on to the details. The Super Socialat plugin deems as follows in your plugins list.

The files listed inside the plugin are:

Our security researcher found that the fake plugin was skillfully hidden in the wp-content/plugins/super-socialat/super_socialat.php

On closer examination, they found the following malicious codes injected in the website:

What You Can Do?

If you have also seen fake ads/ico files on your site, this is what you can do.

Check Your Plugins List

Start with a manual check of your plugins. Make sure there are no plugins by the name “Super Socialat” installed on your website. If you do find the plugin, remove it instantly.

Check Fake User Accounts

We have also seen many fake accounts being created in these cases. Hackers usually devise a way to prolong their access to hacked sites. Creating fake user accounts is one of them.

To check the hack, review the user accounts on your website. Reviewing the wp_users table in your database can surely help in identifying fake accounts and remove them.

I want to specially mention here that just removing the fake plugin is not a solid solution. Understand that the hacker was able to insert this plugin due to some vulnerability. Hence, you need to do a proper malware cleanup of your WordPress.

You can also refer to the step-by-step WordPress malware removal guide.

Being Careful is the Key to Safety

All WordPress users are advised to double-check the plugins before installing. If your website has been behaving crazy as well, raise a malware cleanup request from here. Our security experts will clean the infection in just about 4-6 hours.

If you are not sure about the infection, check online for free.

If you are not hacked, do not risk an attack by being lousy in securing your website.  The simplest way you can you do that is by installing a trusted plugin that does all that for you. The WP Hardening by Astra automates security audit and fixing for you. You can now secure more than 12 crucial aspects of your website with a click.

If you want your website to be hardened to these hacks and more, install WP Hardening from here for free.

Have any concerns about your website, comment below or contact us, we promise to reply 🙂

Was this post helpful?

Ananda Krishna

Ananda Krishna is the co-founder & CTO of Astra Security, a SaaS suite that secures businesses from cyber threats. He has been acknowledged by the Indian Navy, Microsoft, United Airlines, etc. for finding critical security vulnerabilities in their systems. Winner of the Best Security Product at Global Conference on Cyberspace 2017 (awarded by Narendra Modi, Prime Minister of India) & French Tech Ticket, Paris (awarded by François Hollande, former President of France).At Astra he's building an intelligent security ecosystem - web application firewall (WAF), malware detection & analysis, large scale SaaS applications, APIs & more. He's actively involved in the cybersecurity community and shared his knowledge at various forums & invited talks.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Blanik Knight
Blanik Knight
10 months ago

1st: thanx Haman=Human for the prompt responding on the chat!
2nd: thank you for your work at all … this article already helped me a lot
I am recently facing the “Socialat” attack … if this helps, the attack went probably via old Adminer I left in root, not secured…
I will definetely study your product(s) and will suggest it as a solution to my management!
Keep uP!
Pavel, The Blanik Knight

Naman Rastogi
Admin
10 months ago
Reply to  Blanik Knight

Thank you so much for your kind words 🙂

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany