WordPress theme developers use customers as zombies to launch DDoS attacks against their opponents
Recently, a developer disclosed a very serious "security incident" on his blog. One of the developer's clients had asked him for help: after the client purchased and installed a WordPress theme, the site was running very slowly and the client could not find the cause. The developer then dug into the root cause of the problem, and the results were surprising.
Pipdig is one of the largest WordPress theme developers, but its "pipdig Power Pack" plugin has recently been found to be rogue software.
After reviewing the source code of the pipdig Power Pack plugin, the developer mentioned above found that it:
- is using other bloggers' servers to perform a DDoS on a competitor
- is manipulating bloggers' content to change links to competitor WordPress migration services to point to the pipdig site
- is harvesting data from bloggers' sites without permission, directly contravening various parts of the GDPR
- is using the harvested data to, amongst other things, gain access to bloggers' sites by changing admin passwords
- contains a ‘kill switch’ which drops all database tables
- deliberately disables other plugins that pipdig has decided are unnecessary, without asking permission
- hides admin notices and meta boxes from WordPress core and other plugins from the dashboard, which could contain vital information
You can read the pipdig Power Pack plugin analysis here.
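As an added example (not code from pipdig, the plugin, or the analysis referenced above), here is a small static audit pass a site owner could run over an installed plugin's PHP files to flag lines that fall into the behaviour classes listed above. The rule names, the patterns and the sample input are assumptions constructed for illustration; the WordPress function names they match are core APIs.

```python
import re
from pathlib import Path

# One heuristic rule per behaviour class in the list above. Rule names and
# patterns are assumptions of this example. A hit means "read this line",
# not "this plugin is malicious": most of these calls have legitimate uses.
RULES = {
    "outbound_request": re.compile(r"\b(?:wp_remote_(?:get|post|head|request)|curl_exec)\s*\("),
    "content_rewrite": re.compile(r"add_filter\s*\(\s*['\"]the_content['\"]"),
    "credential_change": re.compile(r"\b(?:wp_set_password|wp_update_user)\s*\("),
    "drop_table": re.compile(r"\bDROP\s+TABLE\b", re.IGNORECASE),
    "plugin_deactivation": re.compile(r"\bdeactivate_plugins\s*\("),
    "notice_or_metabox_hiding": re.compile(
        r"remove_all_actions\s*\(\s*['\"](?:all_)?admin_notices['\"]|\bremove_meta_box\s*\("),
}

def scan_source(php_text):
    """Return (line_number, rule_name, stripped_line) for every rule hit."""
    hits = []
    for number, line in enumerate(php_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # skip comment-only lines to cut noise
        for name, pattern in RULES.items():
            if pattern.search(stripped):
                hits.append((number, name, stripped))
    return hits

def scan_plugin(plugin_dir):
    """Scan every .php file under plugin_dir; return {relative_path: hits}."""
    root = Path(plugin_dir)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

# Constructed sample input, not code from any real plugin.
SAMPLE_PHP = """<?php
$r = wp_remote_get('https://example.invalid/ping');
add_filter('the_content', 'example_rewrite_links');
$wpdb->query("DROP TABLE {$wpdb->prefix}example");
deactivate_plugins('some-plugin/some-plugin.php');
remove_all_actions('admin_notices');
"""

if __name__ == "__main__":
    for number, name, line in scan_source(SAMPLE_PHP):
        print(f"line {number}: {name}: {line}")
```

Point scan_plugin() at a plugin's directory and review each reported line by hand, paying most attention to files where several rule classes fire together.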