Foregenix Blog Uncovering Stealthy Malware Tactics: Disabling WordFence Scanner

During an investigation of a compromised merchant, the Threat Intelligence Team observed a suspicious file modification that had occurred around the same time as the introduction of malware on the filesystem. A file used by WordFence, a security plugin for WordPress, had its file size increased by just 39 bytes, and an initial review of the file did not uncover any sort of one-line backdoor, which you might expect from these sorts of small modifications.