Information Security News mailing list archives
An inside look at WP-VCD, today's largest WordPress hacking operation
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 5 Nov 2019 10:20:56 +0000 (UTC)
https://www.zdnet.com/article/an-inside-look-at-wp-vcd-todays-largest-wordpress-hacking-operation/ By Catalin Cimpanu Zero Day ZDNet November 4, 2019Today's top WordPress malware threat is a criminal operation known as WP-VCD, currently responsible for the vast majority of hacked WordPress sites, according to a Wordfence report shared exclusively with ZDNet.
The report details in great depth how the WP-VCD gang is spreading their malware, how the malware works down to its nuts and bolts, what are the crooks' end goal, and OpSec leaks that may have exposed one of the members' true identity.
SPREADING VIA PIRATED THEMES AND PLUGINSBut if there's one theme in the entire report is that these infections could have been very easily avoided. The WP-VCD gang does not use vulnerabilities to break into sites and install backdoors.
Instead, they rely on webmasters infecting themselves by downloading and installing pirated (nulled) themes and plugins for their WordPress sites.
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- An inside look at WP-VCD, today's largest WordPress hacking operation InfoSec News (Nov 05)