Prevailion specialists published a new study dedicated to the working methods of the WordPress botnet WP-VCD. This botnet has been active since the beginning of 2017, and its main activity is managing a network of 20,000 sites with “free downloads” through which pirated commercial WordPress themes are distributed. Users who download such pirated themes are, of course, unaware that they contain a backdoor that allows the WP-VCD hack group to take control of infected sites.
Sites compromised in this way are used to redirect visitors to malicious sites that host phishing pages or malware. In addition, WP-VCD injects advertising into hacked sites in order to generate revenue through advertising schemes (payment for each impression or for each click).
However, according to many studies, about 30-45% of all Internet users currently use ad blockers, which, of course, negatively affects the advertising revenue of the WP-VCD group.
Prevailion researchers say the group is not idle and has already responded to this trend. The hackers now integrate an anti-blocking script into their malware, which helps bypass the ad detection mechanisms used by modern ad-blocking extensions, so that ads are displayed in spite of everything. Moreover, according to the experts, the script the hackers used for this purpose was posted online back in 2017.