Book a Call
Coronavirus-Wordpress-Plugin-Infecting-Sites-with-WP-VCD-Malware
Coronavirus-Wordpress-Plugin-Infecting-Sites-with-WP-VCD-Malware
Wordpress / BEWARE of Coronavirus WordPress Plugin Infecting Sites with WP-VCD Malware

BEWARE of Coronavirus WordPress Plugin Infecting Sites with WP-VCD Malware

Enjoying this article?
Share it on social media!
Contents

Just when you thought hackers could not get any lower, they go past the bottom. Hackers have found a way to exploit legitimate WordPress plugins and themes by injecting itself in plugins which show stats for Coronavirus also known as the COVID-19 virus.

These exploits are being used in several types of attacks including ransomware, malware, and malicious domains.

Be very careful of any Coronavirus WordPress Plugin and do not download from sites other than WordPress.org

DO NOT DOWNLOAD ANY SOFTWARE FROM

www[dot]downloadfreethemes[dot]co
themesubmit[dot]com
www[dot]downloadfreethemes[dot]space, freesoft[dot]royalbeats[dot]in
freedownloadthemes[dot]co
raybans[dot]com[dot]co
coursefree[dot]co

For full details Analysis on the Injection points, files, and how the hackers are breaking into sites. Please see the details on WebARX's website.

Analysis

Injection Point

During the analysis of multiple samples, we noticed that all themes contained a file called class.theme-modules.php and all plugins contained a file called class.plugin-modules.php. Both files contained the exact same code.

In plugins, the hackers used the class.plugin-modules.php file which would be loaded in the main file of the plugin on the first line by injecting the following (reformatted):

See more here: https://www.webarxsecurity.com/wp-vcd-malware-analysis/

Enjoyed this article?
Share it on social media!

Check out another blog post!

Back to all Blog posts

Let’s work together!

© 2024 Bright Vessel. All rights reserved.
crossmenuchevron-downarrow-leftarrow-right