Premium WordPress Theme AVADA hacked and infected with malware

WordPress Theme Avada infected by malware?

Today I had another case where a client's WordPress site was hacked. The hoster sent a list of files that contain malicious code. Noticeable here: All bad files are in the directory of the [Wordpress Theme-> wordpress-themes] "Avada":

• /wp-content/themes/Avada/framework/plugins/LayerSlider/layerslider.php
• /wp-content/themes/Avada/wp-conf.php
• /wp-content/themes/Avada/atom-conf.php
• /wp-content/themes/Avada/.cached
• /wp-content/themes/Avada/bruteforceng.so

I am particularly concerned about the file "bruteforceng.so", because it is a Unix library that obviously aims to hack something using [Bruteforce-Attacke-> bruteforce]. It may be that other servers are also to be attacked, but I couldn't get more details from the file.

A look at the styles.css in the Avada directory tells me that it is version 3.1.1 of the WordPress theme. We will now import the current theme version again, but I think that version 3.1.1 has a security hole somewhere, because it is remarkable that the malware is concentrated on the Avada directory.

But I am happy to pass on the development in this case. We are currently waiting for the hosting to be reactivated by Host-Europe. There domains with malicious code are immediately blocked and you have to remove the malware and write to support before the hosting is reactivated.

Jen Kleinholz( Founder & Sir Apfelot )

Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.