Malware Wp-Vcd is distributed through “pirate” themes for WordPress

At the end of November 2017,Security specialists discovered a new malware Wp-Vcd

Wp-Vcd attacks sites running WordPress. The malware uses known vulnerabilities in plug-ins or CMS for attacks and they mask themselves as a legitimate WordPress files. If the attack succeeds, a new, hidden administrator account (login 100010010) is created on the infected sites, which then can be used as a backdoor.

Users often use third-party sites to install “pirate” plug-ins, themes and scripts for various CMSies, including WordPress. These initially paid Themes and plug-ins were allegedly “cleaned” by hackers and are now distributed completely free of charge.

Experts warn that it is with the help of such hacked Themes for WordPress the Wp-Vcd is distributed. Researchers discovered that all files of those Themes are dated for one single date, however two files are always differ from the others – these are functions.php and class.theme-modules.php. It is in these files that carry the hidden Wp-Vcd .

We would like to remind users that using “pirate” products can be dangerous. After all, as you know, if you do not pay for a product, then you become a product yourself.