WordPress Admins Infect Their Sites With WP-VCD via Pirated Plugins
WordPress sites have been the target of a highly active malicious campaign that infects them with malware dubbed WP-VCD, which hides in plain sight and quickly spreads to the entire website.
News Insights: Mike Bittner, Associate Director of Digital Security and Operations for The Media Trust, says, “If legitimate plugins purchased from known sites are vulnerable, you can imagine the hazards that come with obtaining a pirate copy from a rogue site for free. In fact, nothing is truly free. These sites ensnare website operators with pirate copies so they can compromise site users’ machines for theft or fraud. The security and privacy risks with legitimate plugins are high since too many have not been designed with strong defenses. The most potent defense for today’s site owners is to stay far left of any breaches by maintaining a mindset that anticipates risks at every turn. Carefully vet what is allowed to run on a website and continually monitor that site. Anything out of the ordinary will harm users or erode user experience. Either way, the business’ reputation and revenues will take a hit.”