Sucuri’s investigations have revealed a new plugin that looked like an abandoned project but has now mysteriously changed owner followed by a name change to for the plugin to wooranker along with a push of the new version. With all of the plugin updates being nefarious in nature. Additionally, wooranker also added the CCTM_Communicator.php file, which worked together with another, older, legitimate plugin file. The purpose of these two files was to ping wooranker’s server about the presence of a newly infected site. Continue reading this story here.