Threat actors behind the WP-VCD family of WordPress infections have started to distribute modified versions of Coronavirus-themed plugins. These plugins create backdoors on infected sites and are designed to display popups, redirect visitors, or inject malicious advertisements to generate revenue for the attackers. Once installed, the malicious plugin attempts to inject code into installed themes and various other PHP files, and to infect other sites if it is on a shared host. Because of the way the plugin injects its code, that code runs every time a page is loaded on the infected site, which lets it regularly check in with a command and control server for tasks to execute. The pirated WordPress plugins that were found to include the malicious code were named: “COVID-19 Coronavirus – Live Map WordPress Plugin,” “Coronavirus Spread Prediction Graphs,” and “Covid-19.”
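A defender-side check for the behaviour described above, added here as an example and not taken from the original report: it lists installed plugins whose `Plugin Name:` header matches one of the three reported names, and reports theme PHP files that were added or modified since a saved hash baseline. The directory names in `demo()` are constructed, and a name match only means the copy's download source should be verified, since the report concerns pirated copies.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Plugin names as reported on this page; pirated copies carried the backdoor.
REPORTED_NAMES = [
    "COVID-19 Coronavirus \u2013 Live Map WordPress Plugin",
    "Coronavirus Spread Prediction Graphs",
    "Covid-19",
]
# WordPress reads the plugin name from a "Plugin Name:" header comment.
HEADER = re.compile(r"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)

def norm(name):
    """Fold case; treat hyphens, en dashes and whitespace runs alike."""
    return re.sub(r"[\s\-\u2013]+", " ", name).strip().lower()

REPORTED = {norm(n) for n in REPORTED_NAMES}

def reported_plugins(wp_root):
    """Plugin files whose header name matches a reported name."""
    hits = []
    for php in sorted(Path(wp_root, "wp-content/plugins").glob("*/*.php")):
        m = HEADER.search(php.read_text(encoding="utf-8", errors="replace")[:8192])
        if m and norm(m.group(1)) in REPORTED:
            hits.append(php.relative_to(wp_root).as_posix())
    return hits

def snapshot(wp_root):
    """SHA-256 of every PHP file under wp-content/themes."""
    return {p.relative_to(wp_root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(wp_root).glob("wp-content/themes/**/*.php")}

def changed_since(baseline, wp_root):
    """Theme PHP files added or modified since the baseline snapshot."""
    return sorted(f for f, h in snapshot(wp_root).items() if baseline.get(f) != h)

def demo():  # constructed sample site: one reported name, one altered theme file
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        plug = root / "wp-content/plugins/sample-map"    # made-up directory
        theme = root / "wp-content/themes/sample-theme"  # made-up directory
        plug.mkdir(parents=True)
        theme.mkdir(parents=True)
        (plug / "main.php").write_text("<?php\n/*\n * Plugin Name: Covid-19\n */\n")
        (theme / "functions.php").write_text("<?php // original\n")
        baseline = snapshot(root)  # take this on a known-clean install
        (theme / "functions.php").write_text("<?php // original\n// edited later\n")
        return reported_plugins(root), changed_since(baseline, root)
```

Store the baseline off the web host, so that code running on the site cannot rewrite it along with the theme files.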