Denis Sinegubko (a security researcher from Sucuri) has discovered a new wave of the known malware wp-vcd that injects malicious WordPress admin users into vulnerable or hacked websites. The researcher said that the wp-vcd malware is preinstalled inside pirated WordPress premium themes published for download for free on some websites, he noticed that the malicious code was loaded via the include function and injected malicious code into WordPress core files such as functions.php and class.wp.php.
Read more