WP-VCD is a hacking group whose activity is concentrated on infiltrating WordPress websites. Reports have speculated that most of the hacking campaigns targeting WordPress sites in 2019 may have been carried out by the WP-VCD group. Most criminals look for vulnerabilities in the targeted website, but the WP-VCD group takes a different approach: it baits website administrators into giving it access to their pages. The group distributes bogus pirated copies of premium (paid) WordPress themes. These fake pirated copies are hosted on a long list of websites owned by the WP-VCD group. To make sure its websites appear among the first results returned by a search engine, the group has artificially boosted their SEO (Search Engine Optimization). This makes it very likely that users looking for a free copy of a premium theme for their WordPress website will stumble upon one of the WP-VCD hosted pages.

The WP-VCD Group Gains Administrative Privileges over Compromised Websites

The WP-VCD gang uses a rather clever method to fraudulently enhance the SEO of its pages: it uses the websites it has already compromised to boost the SEO of the pages hosting the cracked premium themes. The themes that the WP-VCD group offers carry corrupted files that allow the operators to obtain administrator privileges and take over the infiltrated websites, but it is important to note that the themes themselves are functional. The fact that they work as intended makes them even more threatening, as the user may not suspect that anything is wrong. Cybersecurity researchers have observed that in these campaigns the WP-VCD group always creates a backdoor account named 100010010. The files used to compromise the targeted WordPress website also plant themselves in all other themes present on the system. This ensures that the WP-VCD group retains control of the website even if the victim decides to change the theme. The malware will also attempt to propagate itself to additional websites that share a hosting account with the patient zero.
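The two traits described above, the 100010010 account and code planted in every installed theme, can both be checked for by a site administrator. The following is an added example, not code from any researcher or from WordPress: the function names, the 40-character threshold and the sample themes are assumptions, and the "same line in every theme" test is a heuristic that only produces candidates for manual review.

```python
import tempfile
from pathlib import Path

BACKDOOR_LOGIN = "100010010"  # backdoor account name reported in this article

def backdoor_accounts(user_logins):
    """Return the logins that match the reported backdoor account name."""
    return [u for u in user_logins if u.strip() == BACKDOOR_LOGIN]

def php_lines(theme_dir, min_len=40):
    """Whitespace-normalized lines of at least min_len chars from a theme's .php files."""
    lines = set()
    for path in Path(theme_dir).rglob("*.php"):
        for raw in path.read_text(errors="replace").splitlines():
            line = " ".join(raw.split())
            if len(line) >= min_len:  # skip short lines such as "<?php" or "}"
                lines.add(line)
    return lines

def lines_shared_by_all_themes(themes_root):
    """Lines present in every installed theme: candidates for planted code."""
    themes = sorted(d for d in Path(themes_root).iterdir() if d.is_dir())
    if len(themes) < 2:
        return set()  # nothing to compare against
    shared = php_lines(themes[0])
    for theme in themes[1:]:
        shared &= php_lines(theme)
    return shared

def build_sample(root):
    """Constructed sample: three themes that all contain one identical line."""
    planted = "$constructed_marker = 'same line planted in every theme (sample)';"
    for name in ("alpha", "beta", "gamma"):
        theme = Path(root) / name
        theme.mkdir()
        (theme / "functions.php").write_text(
            "<?php\n"
            f"function {name}_setup() {{ add_theme_support('title-tag'); /* {name} */ }}\n"
            f"{planted}\n")
    return planted

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print("shared lines:", lines_shared_by_all_themes(root))
    # Constructed user list; on a real site this would come from the user table.
    print("backdoor accounts:", backdoor_accounts(["admin", "editor1", "100010010"]))
```

Themes that share a parent framework or bundled library can legitimately have lines in common, so a hit means "inspect this line", not "this site is infected".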

Monetizing the Threatening Campaign

It is likely that the WP-VCD group is involved in what is known as Black Hat SEO. Malware researchers speculate that the WP-VCD gang may be offering Black Hat SEO as a service to other shady individuals online. This means that the group is likely planting backlinks to its customers' websites in the pages it has compromised, which would artificially enhance the SEO of the customers' pages. The WP-VCD gang also monetizes its activities through malvertising. It is capable of planting advertisements in the infiltrated websites and spamming users with unwanted pop-ups and other advertisements. These often promote low-quality products and dodgy services that are not to be trusted.

Malware experts warn users time and time again against getting involved with cracked or pirated software and media. As they say, there is no free lunch, and many people get more than they bargained for.


