The threat actors behind the WordPress WP-VCD malware have started to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site.
The WP-VCD family of WordPress infections are distributed as nulled, or pirated, WordPress plugins that contain modified code that injects a backdoor into any themes that are installed on the blog as well as various PHP files.
Once a WordPress site is compromised by WP-VCD, the malware will attempt to compromise other sites on the same shared host and will routinely connect back to its command & control server to receive new instructions to execute.
The ultimate goal of these malicious plugins is to use the compromised WordPress site to display popups or perform redirects that generate revenue for the threat actors.