COVID-19 WordPress Malware Description
Many website administrators are adding Coronavirus (COVID-19) related plugins to their pages to inform their visitors about stats and the latest news regarding the pandemic. However, cybercriminals have seized on this as an opportunity to propagate various types of malware to unsuspecting users and website administrators.
This is the case with the COVID-19 WordPress malware. Cybersecurity analysts have listed this threat under the 'Trojan.WordPress.Backdoor.A' name. This fake WordPress plugin presents itself as a Coronavirus graphic containing useful information. The creators of the fake plugin are using copies of genuine COVID-19 plugins to trick website administrators into installing it. The bogus plugin will plant corrupted code into the WordPress files of the site. The goal of the COVID-19 WordPress malware is to inject third-party advertisements on the targeted website and therefore generate revenue for the attackers. The advertisements affiliated with the COVID-19 WordPress threat are likely unsafe and may promote low-quality products and fake services. Some of the fake plugins associated with this threat exist under the names 'COVID-19 Coronavirus – Live Map Word Press Plugin,' 'Covid-19,' and 'Coronavirus Spread Prediction Graphs.'
Once you install the fake plugin on your site, you may not notice anything wrong, as the plugin will behave as expected: it will present you with a functioning Coronavirus map. However, the COVID-19 WordPress malware will operate in the background and will tamper with the 'post.php' file. This means that a bad PHP file will be executed every time a visitor views a post, which allows the threat to inject advertisements on every page of the infected website. The piece of malware used in this campaign is something that researchers have already encountered in the past under the name 'WP-CVD.'
Fake, compromised plugins often pose as pirated versions of legitimate paid WordPress plugins. Website administrators who do not want to pay for a plugin may look for a pirated copy of it, and this may land them in great trouble as they may end up installing malware on their Web page. This is why it is best to install plugins from legitimate, trustworthy sources only. Removing the COVID-19 WordPress malware from your site may prove to be rather tricky, as this threat will inject its unsafe code into the files of the WordPress theme you are using. Your best bet is using a backup to revert your page to an earlier version.