At the end of November 2017, security specialists discovered a new piece of malware called Wp-Vcd.
Wp-Vcd attacks sites running WordPress. The malware exploits known vulnerabilities in plug-ins or in the CMS itself and disguises itself as legitimate WordPress files. If the attack succeeds, a new, hidden administrator account (login 100010010) is created on the infected site, which can then be used as a backdoor.
Users often turn to third-party sites to install “pirate” plug-ins, themes and scripts for various CMSes, including WordPress. These originally paid themes and plug-ins were allegedly “cleaned” by hackers and are now distributed completely free of charge.
Experts warn that Wp-Vcd is distributed through exactly such hacked WordPress themes. Researchers discovered that all files in those themes carry the same single date, except for two files that always differ from the rest: functions.php and class.theme-modules.php. These are the files that carry the hidden Wp-Vcd.
We would like to remind users that using “pirate” products can be dangerous. After all, as you know, if you do not pay for a product, then you become a product yourself.
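The timestamp pattern described above can be checked before a theme is installed. The following is an added example, not code from the researchers: it finds the modification date shared by most files in an extracted theme and lists the files that deviate, marking the two file names the article mentions. The function names and the sample theme layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# File names the article says carry Wp-Vcd in tampered themes.
SUSPECT_NAMES = {"functions.php", "class.theme-modules.php"}

def mtime_outliers(theme_dir):
    """Return (majority_date, [(relative_path, date, is_suspect_name), ...])."""
    dates = {}
    for root, _dirs, files in os.walk(theme_dir):
        for name in files:
            path = os.path.join(root, name)
            day = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc).date()
            dates[os.path.relpath(path, theme_dir)] = day
    if not dates:
        return None, []
    # The date most files share is treated as the original packaging date.
    majority, _count = Counter(dates.values()).most_common(1)[0]
    outliers = [(rel, day, os.path.basename(rel) in SUSPECT_NAMES)
                for rel, day in sorted(dates.items()) if day != majority]
    return majority, outliers

def build_sample_theme(base):
    """Constructed sample: five files share one date, two carry a later one."""
    packaged = datetime(2017, 6, 1, 12, tzinfo=timezone.utc).timestamp()
    modified = datetime(2017, 11, 20, 12, tzinfo=timezone.utc).timestamp()
    layout = {"style.css": packaged, "index.php": packaged, "header.php": packaged,
              "footer.php": packaged, "inc/helpers.php": packaged,
              "functions.php": modified, "inc/class.theme-modules.php": modified}
    for rel, stamp in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
        os.utime(path, (stamp, stamp))  # set atime and mtime to the sample date
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        majority, outliers = mtime_outliers(build_sample_theme(tmp))
        print("majority date:", majority)
        for rel, day, suspect in outliers:
            print(("SUSPECT " if suspect else "review  ") + f"{rel} ({day})")
```

The result is only meaningful when the archive was extracted with a tool that preserves the stored modification times. A flagged file is a reason to read its contents, not proof of infection.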
One thought on “Malware Wp-Vcd is distributed through “pirate” themes for WordPress”
I like playing around with a theme before buying it because I need to know if I will like the theme. Of course there is no free version of most themes so naturally I downloaded a theme from a pirate site and installed it on my site.
Some days later I looked into my spam folder to find cPanel has quarantined the class.theme-modules.php because it was trying to upload whatever into the directory.
Do you think maybe cPanel has it covered then?