Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.

The attackers were trying to download the wp-config.php WordPress configuration file which contains database credentials and connection info, besides authentication unique keys, and salts.