https://www.zdnet.com/article/an-inside-look-at-wp-vcd-todays-largest-wordpress-hacking-operation/
By Catalin Cimpanu
Zero Day
ZDNet
November 4, 2019
Today's top WordPress malware threat is a criminal operation known as WP-VCD,
currently responsible for the vast majority of hacked WordPress sites,
according to a Wordfence report shared exclusively with ZDNet.
The report details in great depth how the WP-VCD gang is spreading their
malware, how the malware works down to its nuts and bolts, what are the crooks'
end goal, and OpSec leaks that may have exposed one of the members' true
identity.
SPREADING VIA PIRATED THEMES AND PLUGINS
But if there's one theme in the entire report is that these infections could
have been very easily avoided. The WP-VCD gang does not use vulnerabilities to
break into sites and install backdoors.
Instead, they rely on webmasters infecting themselves by downloading and
installing pirated (nulled) themes and plugins for their WordPress sites.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
