Threat actors behind the WP-VCD family of WordPress infections have started to distribute modified versions of Coronavirus-themed plugins. These plugins create backdoors on infected sites and are designed to display popups, redirect visitors, or inject malicious advertisements to generate revenue for the attackers. Once installed, the malicious plugin attempts to inject code into installed themes or various other PHP files, and to infect other sites if it is on a shared host. Because of the way the malicious plugin injects code, it is able to load every time a page on the infected site is loaded. This allows it to regularly check in with a command and control server for tasks it should execute. The pirated WordPress plugins found to include the malicious code were named “COVID-19 Coronavirus – Live Map WordPress Plugin,” “Coronavirus Spread Prediction Graphs,” and “Covid-19.”