Fake WordPress Functions Conceal assert() Backdoor
A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.
Among 246 other lines, this very specific part stood out to me:
$config = wp_dbase_config_init(‘_as_sert’);
For those readers familiar with PHP functions commonly misused by hackers, you may have already spotted _as_sert as something suspicious.
Since it resembles the assert() function, let’s check the PHP definition of the function:
bool assert ( mixed $assertion [, string $description ] )
assert() will check the given assertion and take appropriate action if its result is FALSE.