- Mar 30, 2020 Example of “nulled” websites that are distributing malicious versions of the ‘COVID-19 Coronavirus – Viral Pandemic Prediction Tools‘ plugin, which contain the WP-VCD malware (the links are not clickable for security reasons; you need to copy and paste them into your browser).
A WordPress malware campaign that picked up steam last month is now using nulled (pirated) premium themes to infect new victims.
According to Sucuri security researcher Denis Sinegubko, the wp-vcd malware is now preinstalled inside pirated WordPress premium themes offered for download for free on some sites known for providing nulled scripts, themes, and plugins for various CMS platforms.
Malwarebytes Anti-Exploit wraps three layers of security around popular browsers and applications, preventing exploits from compromising vulnerable code. Not an antivirus, but compatible with most antivirus products, Malwarebytes Anti-Exploit is a small, specialized shield designed to protect you against one of the most dangerous forms of malware attacks.
Reasons why a WordPress theme is infected by malware
When you are downloading and installing WordPress themes, you should be very cautious not to download and install a WordPress theme from unknown sources, pirate websites or nulled themes websites. The danger of downloading and installing themes from these sites far outweighs the benefits of.
This particular malware — wp-vcd — works by adding a secret admin user to the site's backend, with the username '100010010'. Attackers use this backdoor account to open connections to infected websites and carry out scripted attacks at later dates.
wp-vcd used to inject spam on infected sites
Sinegubko says that since Sucuri saw a resurgence of the wp-vcd malware in late November, attackers have used wp-vcd backdoor accounts to insert spam on infected sites.
Some of these spam messages also led users back to the websites offering the nulled themes, helping wp-vcd authors propagate their malware and expand their network of hacked sites.
wp-vcd easy to spot inside nulled themes
The Sucuri expert points out that it's trivial to recognize nulled themes that come with the wp-vcd malware.
'All original [theme] files have one date, but two files have a different, more recent date,' he says. The two files are functions.php and class.theme-modules.php, two files that wp-vcd has historically infected since mid-July this year when an Italian researcher first spotted the malware.
'If you check those files, you’ll notice that functions.php has this line of code at the top,' says Sinegubko, pointing to:
Similarly, the class.theme-modules.php file mentioned above holds a large block of Base64-encoded text that's quite easy to spot right at the top of the file's code.
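The two tells described above (a date newer than the rest of the theme, and a large Base64 block at the top of a file) can be checked on a downloaded theme archive without extracting it. This is an added example, not code from Sucuri or the original article; the 200-character Base64 threshold, the 4 KB window and the sample archive are assumptions constructed for illustration.

```python
import base64, io, re, zipfile
from collections import Counter

# Assumption: 200+ contiguous Base64 characters in the first 4 KB is a "large block".
B64_RUN = re.compile(rb"[A-Za-z0-9+/=]{200,}")
NAMED_FILES = {"functions.php", "class.theme-modules.php"}  # named in the article

def scan_theme_zip(zip_bytes):
    """Return {archive_path: [reasons]} for PHP files showing the tells above."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        if not entries:
            return findings
        # The date shared by most files is taken as the theme's original date.
        baseline = Counter(i.date_time[:3] for i in entries).most_common(1)[0][0]
        for info in entries:
            if not info.filename.lower().endswith(".php"):
                continue
            reasons = []
            if info.date_time[:3] > baseline:
                reasons.append("newer than the rest of the theme")
            if B64_RUN.search(zf.read(info)[:4096]):
                reasons.append("large Base64 block near top of file")
            if reasons and info.filename.rsplit("/", 1)[-1] in NAMED_FILES:
                reasons.append("file name matches the article")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_zip():
    """Constructed sample archive holding benign placeholder content only."""
    old, new = (2017, 3, 1, 10, 0, 0), (2017, 11, 20, 9, 30, 0)
    blob = base64.b64encode(b"constructed placeholder, not malware " * 12)
    files = [
        ("theme/style.css", old, b"/* theme */"),
        ("theme/index.php", old, b"<?php // template"),
        ("theme/header.php", old, b"<?php // header"),
        ("theme/functions.php", new, b"<?php // constructed: modified file"),
        ("theme/class.theme-modules.php", new, b"<?php $x = '" + blob + b"';"),
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, stamp, data in files:
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), data)
    return buf.getvalue()

if __name__ == "__main__":
    for path, reasons in scan_theme_zip(build_sample_zip()).items():
        print(path, "->", "; ".join(reasons))
```

Reading dates from the archive entries matters because extracting a theme can reset file timestamps on disk, which hides the date mismatch.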
While some WordPress themes can be expensive for some users, site operators should always keep in mind that if they're not paying for the product, they are the product.