WordPress Malware Spreads via Nulled WordPress Themes [src: bleepingcomputer]
by CIRT Team
A WordPress malware campaign that picked up steam last month is now using nulled (pirated) premium themes to infect new victims.
According to Sucuri security researcher Denis Sinegubko, the wp-vcd malware is now preinstalled inside pirated WordPress premium themes offered for download for free on some sites known for providing nulled scripts, themes, and plugins for various CMS platforms.
This particular malware — wp-vcd — works by adding a secret admin user to the site’s backend, with the username “100010010.” Attackers use this backdoor account to open connections to infected websites so they can carry out scripted attacks at later dates.
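A defender's check for the account described above, as an added example (not from Sucuri or the original article): it audits a CSV export of the site's users, such as the output of `wp user list --fields=ID,user_login,user_registered,roles --format=csv`, flagging the reported username and, going beyond the article, any administrator not on an expected list. The function name, the allowlist and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Username the article reports wp-vcd creating as its hidden admin account.
WPVCD_BACKDOOR_LOGIN = "100010010"


def audit_users(csv_text, expected_admins):
    """Return (login, reason) findings from a `wp user list` CSV export.

    expected_admins is the site owner's own list of legitimate
    administrator logins (an assumption of this example).
    """
    expected = {name.strip().lower() for name in expected_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip().lower() for r in row["roles"].split(",") if r.strip()}
        if login == WPVCD_BACKDOOR_LOGIN:
            # Flag the known username regardless of role or allowlist.
            findings.append((login, "matches wp-vcd backdoor username"))
        elif "administrator" in roles and login.lower() not in expected:
            # Catches a backdoor admin created under a different name.
            findings.append((login, "administrator not on expected list"))
    return findings


# Constructed sample export (not real site data).
SAMPLE_EXPORT = """ID,user_login,user_registered,roles
1,siteowner,2016-03-02 10:15:00,administrator
2,editor_anna,2016-05-11 08:40:12,editor
7,100010010,2017-11-28 03:12:45,administrator
9,support_tmp,2017-12-01 19:02:31,"administrator,editor"
"""

if __name__ == "__main__":
    for login, reason in audit_users(SAMPLE_EXPORT, ["siteowner"]):
        print(f"{login}: {reason}")
```

Any finding warrants reviewing when the account was registered and what it has changed before removing it.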
wp-vcd used to inject spam on infected sites
Sinegubko says that since Sucuri saw a resurgence of the wp-vcd malware in late November, attackers have used wp-vcd backdoor accounts to insert spam on infected sites.
Some of these spam messages also led users back to the websites offering the nulled themes, helping wp-vcd authors propagate their malware and expand their network of hacked sites.