I always say the easiest way to hack a Joomla website is through vulnerable extensions. But there is an even simpler way, and it doesn't even require attacking our website!
The idea is really simple: let Joomla administrators do the job for the hacker. Hackers take CMS extensions (and themes) and distribute them for free. Such versions are called nulled scripts. Obviously, there is a "gift" inside the code that lets the hackers take control of the sites on which the extension is installed.
The CryptoPHP backdoor has a lot of features: it uses the CMS's own framework, communicates with its C&C servers using public key encryption, injects content into web pages, and so on.
The malicious code is used for various purposes, mainly black-hat SEO attacks and sending spam.
How to avoid it
The easiest way is to download extensions from the developer's official page. That's why the JED (Joomla Extensions Directory) was created.
Besides this, it's always a good idea to check the integrity of downloaded files. If you use my extensions, you can see that every version comes with the following:
The MD5 and SHA1 hashes guarantee the integrity of the downloaded files. After downloading any file, you can use an online tool to compare the hash of your downloaded file against the one published on the web. For instance, in our case we use
, upload our file and check the result:
As we can see, both are the same, so we can be sure of our file's authenticity.
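The same check can be done locally, without uploading the file anywhere. The script below is an added example, not code from the original post or from any Joomla project; its sample data is constructed, and the "published" digests in it are the well-known MD5/SHA1 test vectors for the string `abc`, not the hashes of a real extension. Note that a hash taken from the same page as the download only tells you the file was not altered after publication; it is only as trustworthy as that page.

```python
import hashlib
import hmac


def file_digests(data: bytes) -> dict:
    """Compute the hex MD5 and SHA1 digests of the file contents locally."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def verify_download(data: bytes, published: dict) -> dict:
    """Compare local digests with the ones published on the download page.

    published maps an algorithm name ("md5" / "sha1") to the hex digest shown
    on the site. The comparison ignores case and surrounding whitespace, since
    copied hashes often carry both, and uses a constant-time compare.
    Returns a dict algorithm -> True (match) / False (mismatch).
    """
    local = file_digests(data)
    results = {}
    for algo, expected in published.items():
        if algo not in local:
            raise ValueError(f"unsupported algorithm: {algo}")
        results[algo] = hmac.compare_digest(local[algo], expected.strip().lower())
    return results


def verify_file(path: str, published: dict) -> dict:
    """Same check for a file on disk (a downloaded extension zip, for example)."""
    with open(path, "rb") as fh:
        return verify_download(fh.read(), published)


if __name__ == "__main__":
    # Constructed sample: stands in for the bytes of a downloaded archive.
    genuine = b"abc"
    published = {
        "md5": "900150983CD24FB0D6963F7D28E17F72 ",  # as copied from the page
        "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    }
    print("genuine copy:", verify_download(genuine, published))
    # A nulled copy differs by as little as one byte, and both digests change.
    nulled = b"abd"
    print("tampered copy:", verify_download(nulled, published))
```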