When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also noticed a considerable increase in the number of malicious plugins which have been added to compromised websites as well.
These plugins appear to be legitimate, but inspecting the code reveals that the plugin is not just an innocent plugin at all. The fake plugins are actually part of the attack—and in most cases used as a backdoor for the attacker to maintain access to the compromised website environment, even after the initial infection vector has been cleaned up.
Source: Scuri check