Pirated premium WordPress themes are used to spread the WP-VCD malware. The malware hides in legitimate WordPress files, adds a secret admin user, and allows the hackers to take complete control of the site. It was first spotted by Italian cybersecurity specialist Manuel D’orso. The malware was first loaded via a call to the wp-vcd.php file, which injects malicious code into the original core files.
The injected code creates a new secret admin user account called 10000010. The purpose of the malware is to open a connection to infected sites so that hackers can carry out attacks later.
The malware also sent spam messages that led users back to the websites offering pirated themes, which helped it propagate. As the saying goes, to defeat your enemy you should understand them well. We can’t remove the malware code before removing the main WP-VCD file. Attackers may also try to inject pop-up advertisements into your website to spread the malware.
[Image: functions.php file after a WP-VCD malware attack]
The malware can also arrive with themes downloaded from third-party free download sites. These free versions create class.theme.php or class.plugin-module.php files, which contain the malware code.
Outdated plugins and themes give the malware further loopholes. Hackers are able to exploit vulnerabilities in WordPress plugins and themes to upload wp-vcd to different sites. If your site has outdated WordPress plugins and themes, or if you do not have a web application firewall, you are more likely to be attacked by this malware. You can contact a good WordPress development service to solve this.
Your hosting provider is likely to suspend your WordPress account because of the wp-vcd malware, in order to protect other websites. Pages on your website may get redirected to shady websites due to this attack. You will see PHP files everywhere in your directory:
wp-includes/wp-vcd.php
wp-includes/class.wp.php
wp-includes/wp-cd.php
wp-includes/wp-feed.php
wp-includes/wp-tmp.php
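A quick way to check a site for the indicators named above, written as an added example and not taken from the original article or from any WordPress tool. The file names and the 10000010 account come from the article. The function names, labels and the sample tree are constructed for this example, and every hit is a lead for manual review, not proof of infection.

```python
import os
import tempfile

# Names below come from the article; labels and layout checks are this example's own.
CORE_DROPPERS = {"wp-vcd.php", "class.wp.php", "wp-cd.php", "wp-feed.php", "wp-tmp.php"}
BUNDLED_FILES = {"class.theme.php", "class.plugin-module.php"}
ROGUE_ADMIN = "10000010"

def scan(root):
    """Return sorted (label, relative_path) leads for manual review."""
    leads = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if rel == "wp-includes/" + name and name in CORE_DROPPERS:
                leads.append(("dropped-file", rel))
            elif name in BUNDLED_FILES:
                leads.append(("bundled-file", rel))
            else:
                # The malware is loaded via a call for wp-vcd.php, so flag any mention.
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if "wp-vcd.php" in fh.read():
                        leads.append(("loader-reference", rel))
    return sorted(leads)

def rogue_admins(logins):
    """logins: administrator user names exported from the site."""
    return [u for u in logins if u.strip() == ROGUE_ADMIN]

def build_sample_tree(root):
    """Constructed sample site: two clean files, three suspicious ones."""
    files = {
        "wp-includes/version.php": "<?php $wp_version = 'x';",
        "wp-includes/wp-vcd.php": "<?php /* placeholder */",
        "wp-content/themes/demo/class.theme.php": "<?php /* placeholder */",
        "wp-content/themes/demo/functions.php":
            "<?php include ABSPATH . 'wp-includes/wp-vcd.php';",
        "wp-content/themes/clean/functions.php": "<?php // nothing unusual",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_tree(site)
        for label, rel in scan(site):
            print(label, rel)
```

Point `scan()` at a copy of the site's document root, and pass `rogue_admins()` the administrator logins exported from the site.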
1. Enable a pop-up blocker
2. Keep Windows updated
3. Try to avoid free third-party downloads
4. Install antivirus software
5. Have a regular backup facility
Deleting the malware once a site is infected is also not an easy job. This malware tends to infect other areas of the website and to install different types of malware code. Hence it is very important to create an effective security strategy that analyses and completely cleans the website.
Extra care is needed to avoid becoming a victim of this kind of attack, even with updated WordPress installs. Always monitor and update your themes.