Security News > 2020 > February > 20,000 WordPress Websites Infected via Trojanized Themes
An active supply chain campaign that has been ongoing since late 2017 has infected at least 20,000 websites via malicious WordPress themes and plugins, Prevailion reports.
Dubbed PHPs Labyrinth, the campaign used 30 different WordPress marketplace platforms to distribute trojanized versions of premium themes.
The most prominent platform distributing the trojanized themes appears to be Vestathemes[dot]com, which claims to be offering thousands of pirated WordPress themes and plugins.
Once the victim uploads a trojanized theme, the attackers gain full control over the server, being able to add their own administrative account and recover the web admin's email and WordPress password hash.
All of the trojanized themes contain the "Class.theme-module.php" or "Class.plugin-modules.php" file, which is added by the attackers.