One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, this infection has been associated with a higher rate of new infections than any other WordPress malware every week since August 2019, and the campaign shows no signs of slowing down.
Nathansoftware and our associates use the invaluable Wordfence security plugin, from whom a comprehensive report has been written about WP-VCD. Wordfence has identified that this sophisticated infection is being installed by the owners of websites who download pirated plugins and themes distributed by a network of related sites. You can find their full blog here.