Prevailion specialists have published a new study on the working methods of the WordPress botnet WP-VCD. This botnet has been active since the beginning of 2017, and its operators run a network of 20,000 “free download” sites through which pirated commercial WordPress themes are distributed. Users who download such pirated themes are of course unaware that they contain a backdoor that allows the WP-VCD hack group to seize control of infected sites.
Resources compromised in this way are used to redirect visitors to malicious sites hosting phishing pages or malware. Apart from that, WP-VCD also injects ads into the hacked sites to generate additional income through advertising schemes (pay per impression or per click).
However, according to many studies, approximately 30-45% of all Internet users currently use ad blockers, which, of course, negatively affects the advertising revenue of the WP-VCD group.
Prevailion researchers say that the group is not sitting idly by and has already responded to this trend. The hackers are now integrating an anti-blocker script into their malware, which helps bypass the ad detection mechanisms used by modern ad-blocking extensions and display ads no matter what. Moreover, according to the experts, the script the hackers used for this purpose was posted online back in 2017.