I’ve just learned of a phishing scam affecting WordPress users. Specifically, this campaign targets users and potential users of All-in-One SEO Pack, the most downloaded plugin for WordPress. At least one of my clients has already received an email offering a “free trial” of All-in-One SEO Pro, the paid version of this popular plugin.
The email reads as follows:
You have been chosen by WordPress community to try out our new All in One SEO Pack Pro v2.1. For further information please click on the following link where you can also find the download link http://[bogus domain]/all-in-one-seo-pack/ WordPress Community http://[bogus domain]
The download behind these links is malware. If it is installed on your WordPress site, it will compromise your account and your server through a backdoor that lets the scammers inject additional malware onto your server.
Needless to say, do NOT click the links nor install the plugin. If you have already done so, let me know immediately so we can limit the damage as much as possible.
The good news is that the Wordfence plugin installed on most of your sites should detect the modified plugin files when it compares them with the real files in the WordPress repository. That detection happens after the fact, though, so at least some damage will already have been done.
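To show what that comparison amounts to, here is an added example (my own illustration, not Wordfence's code and not part of the original notice) that hashes every file in an installed plugin directory and reports which files are missing, added, or changed relative to a known-good copy. It assumes the known-good copy is a clean download of the same plugin version; the sample files it builds are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: str) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256 hex digest."""
    root_path = Path(root)
    manifest = {}
    for path in sorted(root_path.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root_path).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare_manifests(reference: dict, installed: dict) -> dict[str, list[str]]:
    """Classify installed files against the reference (clean) copy of the plugin."""
    return {
        "added": sorted(set(installed) - set(reference)),
        "missing": sorted(set(reference) - set(installed)),
        "modified": sorted(
            f for f in reference if f in installed and reference[f] != installed[f]
        ),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed clean copy and a tampered install, then compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = Path(tmp) / "reference" / "all-in-one-seo-pack"   # assumed clean download
        inst = Path(tmp) / "wp-content" / "plugins" / "all-in-one-seo-pack"
        for d in (ref, inst):
            d.mkdir(parents=True)
            (d / "all_in_one_seo_pack.php").write_text("<?php // plugin bootstrap\n")
            (d / "inc").mkdir()
            (d / "inc" / "options.php").write_text("<?php // options\n")
        # Constructed tampering: one file altered, one file that the clean copy lacks.
        (inst / "inc" / "options.php").write_text("<?php // options\n// extra code here\n")
        (inst / "inc" / "helper.php").write_text("<?php // not in the reference copy\n")
        return compare_manifests(hash_tree(str(ref)), hash_tree(str(inst)))


if __name__ == "__main__":
    print(demo())
```

Any file listed under "added" or "modified" is worth a look, and a backdoor dropped by a tampered plugin would typically show up in exactly those two lists.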
If you’re interested in the technical details of this malware, visit the blog at http://Sucuri.net.