WordPress is probably the most popular content management system (CMS) today, so it’s no wonder it’s also the subject of multiple cybersecurity threats. According to cybersecurity experts, the most serious of these threats is a criminal campaign deployed by a group identified as WP-VCD, from which most hacking incidents against WordPress sites stem.
A report published by the specialized platform ZDNet provides extensive details about this attack campaign, addressing one topic with special interest: the fact that these hackers do not exploit vulnerabilities to infiltrate compromised sites and Install backdoors, but they use pirated versions of legitimate WordPress themes and plugins, so they should just wait for a website administrator to download and install the infected software.
Cybersecurity experts detected multiple signs
of these hackers’ activity on fraudulent websites, offering pirated versions of
paid WordPress plugins and themes. In addition, all of these malicious sites
have good rankings in search results because they receive keyword boost from
all WordPress sites that have already been hacked, cybersecurity experts
report, so it’s really easy for a user to find this malware.
The sites where this malicious activity was
To check this behavior, cybersecurity experts
performed a Google search, entering the name of some popular WordPress themes
along with the word ‘download’, discovering that the first page of results
shows at least three of these sites.
After website administrators download any of
the infected plugins or themes, it’s only a few seconds before their WordPress
site is fully compromised. Downloading these components adds a backdoor
identified as ‘100010010’ to the target site, ensuring that hackers have a way
to access the installation.
Subsequently, the WP-VCD malware is added to
all the topics used on the site, to prevent it from disappearing from the
system due to a possible de-installation. Finally, if the malware acts in a
shared hosting environment, it can be spread to other servers, infecting other
sites hosted on the same system.
According to the experts of the International Institute
of Cyber Security (IICS), the main goal of these hackers is to use the hacked
sites to create a botnet and, from a C&C, control all the activities of