The main payload that we have been seeing uploaded to the websites, however, is a fake “Zend Fonts” plugin:
The malware places the plugin at the path "./wp-content/plugins/zend-fonts-wp/zend-fonts-wp.php".
This plugin redirects website visitors to bogus scam sites.
Note: If your website visitors have reported strange redirects, your website may be compromised with this malware.
Functions of the Bogus “Zend Fonts” Plugin:
1. One of the simplest functions in this malware is typical of such bogus plugins: hiding itself from view in wp-admin.
2. It creates a database table named "wzen_time_table". With the help of this table, it regenerates after the malware plugin is removed. The user agent and IP address of any admin users are dumped into that table, which the malware uses to prevent the redirect from occurring for any identified admin users.
3. It affects all WordPress core files and creates a redirect function in them.
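Because the plugin hides itself in wp-admin, it has to be looked for on disk and in the database instead. The following is an added example, not code from the original article: it checks a WordPress root for the plugin directory and a SQL dump for the "wzen_time_table" table. The function names, the optional table prefix and the sample site are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Path and table name come from the article. Matching an optional table
# prefix (e.g. wp_) is an assumption of this example.
PLUGIN_DIR = Path("wp-content/plugins/zend-fonts-wp")
TABLE_RE = re.compile(r"\w*wzen_time_table", re.IGNORECASE)


def find_plugin_files(wp_root):
    """List the fake plugin's files on disk (wp-admin will not show it)."""
    plugin_dir = Path(wp_root) / PLUGIN_DIR
    if not plugin_dir.is_dir():
        return []
    return sorted(p.relative_to(wp_root).as_posix()
                  for p in plugin_dir.rglob("*") if p.is_file())


def find_table_in_dump(dump_path):
    """Return (line number, table name) for each mention in a SQL dump."""
    hits = []
    with open(dump_path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            hits += [(lineno, m.group(0)) for m in TABLE_RE.finditer(line)]
    return hits


def check_site(wp_root, dump_path):
    """Run both checks; either indicator alone means cleanup is needed."""
    files, tables = find_plugin_files(wp_root), find_table_in_dump(dump_path)
    return {"plugin_files": files, "table_hits": tables,
            "infected": bool(files or tables)}


def build_constructed_site(base):
    """Constructed sample: a site tree and SQL dump with both indicators."""
    root, dump = Path(base) / "site", Path(base) / "dump.sql"
    (root / PLUGIN_DIR).mkdir(parents=True)
    (root / PLUGIN_DIR / "zend-fonts-wp.php").write_text("<?php // constructed\n")
    dump.write_text("CREATE TABLE `wp_posts` (id INT);\n"
                    "CREATE TABLE `wp_wzen_time_table` (ip TEXT, ua TEXT);\n")
    return root, dump


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_site(*build_constructed_site(tmp)))
```

Since the table is what lets the plugin regenerate, a hit on either check means both the plugin directory and the table need to be removed. The modified core files are a separate check, for example with WP-CLI's `wp core verify-checksums`.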
Preventing Website Attacks
The best way to ensure that your website does not fall victim to such an attack is to ensure all software on your website is up to date. This should always be implemented with a regular backup service in the event that you need to roll back to a previous version.