CryptoPHP: the risk of installing pirated extensions

5 years 10 months ago - 5 years 10 months ago #791 by Jose
I always say the easiest way to hack a Joomla website is using vulnerable extensions. But there is an even simpler way, and it doesn't require attacking our website!

The idea is really simple: let Joomla administrators do the job for the hacker. Hackers use the following method: take CMS extensions (and themes) and then distribute them for free. Such versions are called nulled scripts. Obviously, there is a "gift" inside the code which lets hackers take control of sites with the extension installed.

That CryptoPHP backdoor has a lot of features: it uses the framework of the CMS, public key encryption to communicate with C&C servers, injects content into webpages and so on...

The malicious code is used for various purposes, mainly black-hat SEO attacks and sending spam.

How to avoid it

The easiest way is to download extensions from the official page of the developer. That's why the JED was created.

Besides this, it's always a good idea to check the integrity of downloaded files. If you use my extensions, you can see every version contains the following:

MD5 and SHA1 signatures grant the integrity of downloaded files. After downloading any file, you can use an online tool to compare the signature of your downloaded file against the web signature. For instance, in our case we use this tool, upload our file and check the obtained result:

As we can see, both are the same, so we can be sure of our file's authenticity.

Last edit: 5 years 10 months ago by Jose.
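
The MD5/SHA1 comparison described in the post can also be done locally, without uploading the file to an online tool. The following is an added example, not code from the original post or from the author's extensions; the function names and the sample "package" file are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digests(path, algorithms=("md5", "sha1"), chunk_size=65536):
    """Hash the file once, in chunks, with every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def verify_download(path, published):
    """Return (ok, mismatches). `published` maps algorithm name -> hex digest
    copied from the developer's download page; every listed digest must match."""
    if not published:
        raise ValueError("no published digests to compare against")
    actual = file_digests(path, tuple(published))
    mismatches = {}
    for name, expected in published.items():
        expected = "".join(expected.split()).lower()  # tolerate spaces / upper case
        if not hmac.compare_digest(actual[name], expected):
            mismatches[name] = (expected, actual[name])
    return (not mismatches, mismatches)

def demo():
    """Constructed sample: a stand-in extension package and its digests."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".zip") as tmp:
        tmp.write(b"constructed sample package contents")
        path = tmp.name
    try:
        published = file_digests(path)        # what the download page would list
        clean_ok, _ = verify_download(path, published)
        with open(path, "ab") as handle:      # simulate a modified (nulled) copy
            handle.write(b"<?php /* extra code */ ?>")
        tampered_ok, diff = verify_download(path, published)
        return clean_ok, tampered_ok, sorted(diff)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

Take the published values from the developer's official page, as the post recommends, rather than from the site that hosted the download.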
