What is Malware CryptoPHP?


Hi, in this post I will explain a piece of malware. Not malware on a desktop computer, though, but malware hidden in WordPress plugins: what is it, and how do you clean it up?

CryptoPHP is malware that forces a server to send spam and carry out other illegal acts by way of scripts such as WordPress, Joomla, Drupal and others. CryptoPHP gets onto a server through pirated and free themes, plugins and other add-ons. The CryptoPHP authors insert their code into pirated or free scripts and upload them to the internet, so that when a user takes one of these scripts and uploads it to their website, the script infects the site and forces the server to send spam email.


If the owner of the server or VPS leaves the infection in place, the IP address used for email delivery (the mail server) will certainly be blocked by many antispam services, and once it is blocked you cannot send mail anywhere. In addition, if you are a VPS user, leaving it in place can lead to suspension or cancellation of the service by the provider, because the server will be considered a source of spam.


How to Clean CryptoPHP Malware From Your Server

CryptoPHP can be identified by the file name social.png. The malware authors named their script social.png in order to trick firewalls and system administrators so that the malware goes undetected.

social.png here is not an image file but the PHP script of CryptoPHP. On a Unix system the extension in a file name carries no meaning, so despite the .png name the file contains PHP commands and can be executed.

To clean up, run the following command to find all the social.png files:

# find /home/ -name "social*.png" -exec grep -E -o 'php.{0,80}' {} \; -print

Once you have found them, make sure you remove all of these files so that your server is free of CryptoPHP.

Another option is to use the scanning script from Fox-IT, which can detect CryptoPHP even when the file has a different name (not social.png). Download the script with the command:

# wget https://raw.githubusercontent.com/fox-it/cryptophp/master/scripts/check_filesystem.py

After that, make the script executable with the command:

# chmod +x check_filesystem.py

Once that is done, run the following command to scan everything under your /home directory:

# ./check_filesystem.py /home

Once the scan has finished, check and delete all the files detected as CryptoPHP on your server or VPS.
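
As an added example (not code from this post and not the Fox-IT script), the social.png idea can be generalized: flag any file with an image extension whose content does not start with that format's magic bytes or that contains a PHP opening tag. The function names and the sample files built in demo() are constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes of genuine image files, keyed by extension.
MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}

def inspect_file(path, max_bytes=1 << 20):
    """Return the reasons an image-named file looks like a PHP script."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return []                      # only image-named files are in scope
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    reasons = []
    if not data.startswith(MAGIC[ext]):
        reasons.append("bad-magic")    # extension does not match the content
    if b"<?php" in data.lower():
        reasons.append("php-tag")      # also catches PHP appended to a real image
    return reasons

def scan(root):
    """Walk root and return sorted (relative path, reasons) for suspicious files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                reasons = [] if os.path.islink(path) else inspect_file(path)
            except OSError:
                reasons = []           # unreadable file: skip, keep scanning
            if reasons:
                hits.append((os.path.relpath(path, root), reasons))
    return sorted(hits)

def demo():
    """Scan a constructed tree: one real PNG header and two disguised scripts."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "social.png": b"<?php /* constructed sample */ ?>",
        "icon.gif": b"<?PHP /* constructed sample */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

To check a real server, call scan("/home") and review each reported file before deleting it; a truncated or corrupt image is reported as bad-magic without being malware.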

If you want to know more about CryptoPHP or other server problems, please comment below.


Asep Ulchre

This website is written by a single admin who likes coffee, the Python programming language and art.