Home > Security > Security News

Legitimate Sypex Dumper Database Backup Utility, Used for Backdoors in WordPress Framework

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

Attackers used the Sypex Dumper legitimate software in a malicious capacity within WordPress site files. They exploited outdated or overlooked software to create backdoors and gain unauthorized access to websites.

A recent investigation by Sucuri cybersecurity analysts identified the compromise during a routine integrity check of WordPress core files, where a suspicious file located in the wp-content/fonts/ directory appeared to mask itself as a legitimate font-related file, font.php. 

Upon further scrutiny, it was revealed to be a modified version of the legitimate Sypex Dumper database backup utility. This tool, once embedded in the WordPress files, served as a backdoor for attackers to exploit the site’s database.

Modified copy of the official Sypex utility intended to create a backdoor into the site | Source: Sucuri

The attackers had ingeniously combined various components of the Sypex Dumper utility (such as sxd.js and cfg.php) into a single file. When the compromised font.php file was accessed, it initiated a function to recreate the original utility's structure, giving bad actors unauthorized access to sensitive database content.

Sypex Dumper, no longer maintained by its original developer, became the perfect target for cybercriminals due to its lack of security patches and updates. This is a recurring trend, where attackers repurpose outdated software to exploit vulnerabilities and gain entry into systems. 

According to other reports, outdated Adminer scripts have been leveraged to steal database credentials and spread malicious code across websites. Similarly, a vulnerability in the File Manager plugin for WordPress left over 700,000 websites vulnerable to complete takeovers.

Even legitimate tools, when exploited or used improperly, can pose a significant security risk. Attackers often lean on outdated or unmonitored software to extract sensitive data such as admin credentials, stored user transactions, and other valuable information. 

Sucuri underscores that while tools like these may not interfere with a site’s functionality, they are frequently employed as footholds for larger, more destructive attacks.

Add a Comment
Related
Critical Zero-Day Vulnerability in Bubble.io Exposes User Data Across Major Enterprises to Risk
MITRE Funding by the U.S. Government to Stop Today, Security Teams Left Alarmed
VPN
Critical Ivanti VPN Vulnerability Exploited in the Wild by Suspected Espionage Group UNC5221
Critical Kubernetes Vulnerability in Ingress NGINX Controller Exposes Thousands of Clusters to Attack 
Hacker mirrored on a monitor
Exploiting Critical Authenticated Bypass Vulnerabilities to Gain Admin Access on GitLab
vulnerability
New GitHub Copilot and Cursor Vulnerability Allows Weaponizing the AIs, Exposing Millions to Risk
Most Popular
Andor Season 2
Andor Season 2 at Star Wars Celebration 2025: 5 Major Things Revealed
Weapons
"They never came back": Know Everything About Zack Cregger’s Upcoming Horror film Weapons (2025)
Bosch Legacy
Bosch: Legacy Season 3 Finale Ending Explained: Flower Girls Killer Revealed, Bosch’s next Appearance Confirmed, and more
Sinners
Sinners Ending and Post-Credits Scenes Explained: Smoke’s fate, Sammie’s Choice & a Sequel Tease
Star Wars Celebration 2025
Everything Revealed at Star Wars Celebration 2025: Starfighter, Maul, The Mandalorian & Grogu Footage, & more
IronHusky APT Revives MysterySnail RAT to Target Government Organizations in Russia and Mongolia
Andor Season 2 at Star Wars Celebration 2025: 5 Major Things Revealed
"They never came back": Know Everything About Zack Cregger’s Upcoming Horror film Weapons (2025)
Bosch: Legacy Season 3 Finale Ending Explained: Flower Girls Killer Revealed, Bosch’s next Appearance Confirmed, and more
Sinners Ending and Post-Credits Scenes Explained: Smoke’s fate, Sammie’s Choice & a Sequel Tease
Everything Revealed at Star Wars Celebration 2025: Starfighter, Maul, The Mandalorian & Grogu Footage, & more
IronHusky APT Revives MysterySnail RAT to Target Government Organizations in Russia and Mongolia

Most Popular
Andor Season 2
Andor Season 2 at Star Wars Celebration 2025: 5 Major Things Revealed
Weapons
"They never came back": Know Everything About Zack Cregger’s Upcoming Horror film Weapons (2025)
Bosch Legacy
Bosch: Legacy Season 3 Finale Ending Explained: Flower Girls Killer Revealed, Bosch’s next Appearance Confirmed, and more
Sinners
Sinners Ending and Post-Credits Scenes Explained: Smoke’s fate, Sammie’s Choice & a Sequel Tease
Star Wars Celebration 2025
Everything Revealed at Star Wars Celebration 2025: Starfighter, Maul, The Mandalorian & Grogu Footage, & more
IronHusky APT Revives MysterySnail RAT to Target Government Organizations in Russia and Mongolia
Andor Season 2 at Star Wars Celebration 2025: 5 Major Things Revealed
"They never came back": Know Everything About Zack Cregger’s Upcoming Horror film Weapons (2025)
Bosch: Legacy Season 3 Finale Ending Explained: Flower Girls Killer Revealed, Bosch’s next Appearance Confirmed, and more
Sinners Ending and Post-Credits Scenes Explained: Smoke’s fate, Sammie’s Choice & a Sequel Tease
Everything Revealed at Star Wars Celebration 2025: Starfighter, Maul, The Mandalorian & Grogu Footage, & more
IronHusky APT Revives MysterySnail RAT to Target Government Organizations in Russia and Mongolia

TechNadu keeps you informed with the latest in cybersecurity, VPNs, streaming, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: