Daniel Cid, Sucuri’s chief technology officer reported that the infection is moving beyond Wordpress and more and more systems are being compromised. The compromise is initiated on Wordpress but if there are other sites on the same server, malware will surely try to spread itself there. Joomla and Magento are the sites that are hacked due to cross-site contamination.
Cid in a blog post wrote that the Backdoor is responsible for creating admin user 1001001 and injects the code (backdoor) to all the themes or core files. The infection affects the file by overwriting useful files and rendering them irrecoverable. This vulnerability helps the attackers to inject the spambots and malware on a site. Mailpoet apologised for the problem of the release of insecure Wordpress plugin. It said that it will run reviews for the internal security along with the penetration tests to find the issues before the release of plug-ins.