PRECAUCIÓN: el complemento de WordPress para el coronavirus infecta sitios con malware WP-VCD

Just when you thought hackers could not get any lower, they go past the bottom. Hackers have found a way to exploit legitimate WordPress plugins and themes by injecting itself in plugins which show stats for Coronavirus also known as the COVID-19 virus.

Estos exploits se utilizan en varios tipos de ataques, incluidos ransomware, malware y dominios maliciosos.

Tenga mucho cuidado con cualquier complemento de WordPress de Coronavirus y no lo descargue de sitios que no seanWordPress.org

NO DESCARGUE NINGÚN SOFTWARE DE

www[dot]downloadfreethemes[dot]co
themesubmit[dot]com
www[dot]downloadfreethemes[dot]space, freesoft[dot]royalbeats[dot]in
freedownloadthemes[dot]co
raybans[dot]com[dot]co
coursefree[dot]co


For full details Analysis on the Injection points, files, and how the hackers are breaking into sites. Consulte los detalles en el sitio web de WebARX.

Análisis

Punto de inyección

During the analysis of multiple samples, we noticed that all themes contained a file called class.theme-modules.php and all plugins contained a file called class.plugin-modules.php. Both files contained the exact same code.

In plugins, the hackers used the class.plugin-modules.php file which would be loaded in the main file of the plugin on the first line by injecting the following (reformatted):

See more here: https://www.webarxsecurity.com/wp-vcd-malware-analysis/