WordPress Malware Spreads via Nulled WordPress Themes[src: bleepingcomputer]

by CIRT Team

A WordPress malware campaign that recently picked up steam last month is now using nulled (pirated) premium themes to infect new victims.

According to Sucuri security researcher Denis Sinegubko, the wp-vcd malware is now preinstalled inside pirated WordPress premium themes offered for download for free on some sites known for providing nulled scripts, themes, and plugins for various CMS platforms.

This particular malware — wp-vcd — works by adding a secret admin user to the site’s backend, with the username “100010010.” Attackers use this backdoor account to open connections to infected websites so attackers can carry out scripted attacks at later dates.

wp-vcd used to inject spam on infected sites

Sinegubko says that since Sucuri saw a resurgence of the wp-vcd malware in late November, attackers have used wp-vcd backdoor accounts to insert spam on infected sites.

Some of these spam messages also led users back to the websites offering the nulled themes, helping wp-vcd authors propagate their malware and expand their network of hacked sites

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping