
SoylentNews is people

posted by Fnord666 on Friday November 08 2019, @12:46PM
from the watch-what-you-plug-in dept.

Submitted via IRC for soylent_red

WordPress Admins Infect Their Sites With WP-VCD via Pirated Plugins

WordPress sites have been the target of a highly active malicious campaign that infects them with a malware dubbed WP-VCD that hides in plain sight and quickly spreads to the entire website.

The group of hackers behind it have also made sure that their malicious payload is also very hard to get rid of once it manages to compromise a site. To make things worse, the malware is also designed to scan its way through the hosting server and infect any other WordPress sites it finds.

WP-VCD is spread by the most active malicious campaign impacting WordPress sites as of late, with the Wordfence threat intelligence team that took a closer look at it associating "individual WP-VCD malware samples with a higher rate of new infections than any other WordPress malware since August 2019."

The malware is also "installed on more new sites per week than any other malware in recent months" and "the campaign shows no signs of slowing down."

This is quite remarkable given that the malware has been doing the rounds for more than two years, with the first publicly reported case of a WP-VCD infection going as far back as February 2017, and users reporting infections and asking for advice on how to get rid of them on the WordPress Support forum [1, 2, 3, 4, 5] and in various other places on the Internet. [1, 2, 3]


  • (Score: 4, Informative) by zemm on Friday November 08 2019, @01:42PM (3 children)

    by zemm (7178) on Friday November 08 2019, @01:42PM (#917851)

    Don't miss this detail: That "in the case of WP-VCD the webmasters are the ones who spread the infection to their websites. This happens because the malware is disseminated using pirated (also known as nulled) copies of WordPress themes and plugins"

    WordPress security is not perfect but it's not as bad as is sometimes assumed; often it's bad practices by the people responsible for the website that cause issues. In this case, the webmasters are infecting their own sites by downloading and installing illegitimate versions of normally paid plugins from shady sites that have been modified to include malware.

  • (Score: 1, Touché) by Anonymous Coward on Friday November 08 2019, @02:26PM (1 child)

    by Anonymous Coward on Friday November 08 2019, @02:26PM (#917859)

    In this case, the webmasters are infecting their own sites by downloading and installing illegitimate versions of normally paid plugins from shady sites

    But. But. Software *wants* to be free.

    • (Score: 4, Insightful) by barbara hudson on Friday November 08 2019, @03:21PM

      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Friday November 08 2019, @03:21PM (#917882) Journal
      Well, it's one way to get paid. The owners of the plugins can create copies with miners, etc., and upload them to shady sites where pirates can download them, so like the old Fram commercial - "you can pay me now or pay me later."
      --
      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
  • (Score: 2) by loonycyborg on Friday November 08 2019, @04:27PM

    by loonycyborg (6905) on Friday November 08 2019, @04:27PM (#917923)

    You can easily roll out a site using open-source or at least free-as-in-beer software, so no idea why people would ever reach for paid stuff, pirated or otherwise. This is also a question of business model. The only actual effort here is involved in maintaining the site, and people maintaining their own sites generally doesn't lead to more effort for upstream plugin developers. Or at least that effort doesn't scale with the number of users who use it. So upstream devs getting paid in proportion to the number of users makes no sense.