Information Security News mailing list archives

An inside look at WP-VCD, today's largest WordPress hacking operation


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 5 Nov 2019 10:20:56 +0000 (UTC)

https://www.zdnet.com/article/an-inside-look-at-wp-vcd-todays-largest-wordpress-hacking-operation/

By Catalin Cimpanu
Zero Day
ZDNet
November 4, 2019

Today's top WordPress malware threat is a criminal operation known as WP-VCD, currently responsible for the vast majority of hacked WordPress sites, according to a Wordfence report shared exclusively with ZDNet.

The report details in great depth how the WP-VCD gang is spreading their malware, how the malware works down to its nuts and bolts, what the crooks' end goal is, and OpSec leaks that may have exposed one of the members' true identity.


SPREADING VIA PIRATED THEMES AND PLUGINS

But if there's one theme in the entire report, it is that these infections could have been very easily avoided. The WP-VCD gang does not use vulnerabilities to break into sites and install backdoors.

Instead, they rely on webmasters infecting themselves by downloading and installing pirated (nulled) themes and plugins for their WordPress sites.

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_

