By Enterprise Security Magazine | Tuesday, January 28, 2020
In recent times, the cybercriminals have also started installing virus like WP-VCD in WordPress websites, which is affecting the developers and designers.
FREMONT, CA: The world of WordPress is dealing with one of the most severe malware infections, and it is being processed by the virus known as WP-VCD. The WP-VCD malware generally targets developers and designers of WordPress, who want to download themes and paid plugins.
How does the malware spread?
The first attack of WP-VCD malware was reported in February 2017, but in the recent few years, the attacks have been increasing rapidly all over the world. The virus mainly targets the developers and designers of WordPress, who are looking for free, download versions of the themes, and paid plugins.
To make matters worse, the site distributing the WP-VCD virus is generally ranked high while a user is searching for WordPress themes. The virus also does not depend on any complicated code to avoid detection. Instead, it just conceals itself with the original files and the code structures.
Moreover, even when the viruses are removed, a merge of the extensive C2 infrastructure and flexible design partly permits the cybercriminals to set up a perseverance presence on the website of the victim.
What will happen when the System gets Infection?
After a website gets infected with the WP-VCD malware, the C2 might still act in response to the code that was supposed to implement malevolent backlinks in the content of the site.
If the code is present in the system, whenever a user tries to view a post on the vulnerable site, an HTTP GET request will be automatically sent to the latest address of C2. The request will consist of data regarding the site of the victim and also posts that are being loaded, such as the address of the site, title, and type.
WP-VCD has become a common malware in the ecosystem of WordPress.
If the owners of the WordPress sites want to prevent their system from WP-VCD virus can use the following ways.
• While hiring a developer to create a WordPress, the owner must ensure that they are sourcing the contents with full responsibility.
• It will be advisable not to install themes and any paid plugins.