Mohit Jawanjal at Security Boulevard, a division of MediaOps and home of the Security Bloggers Network, Inc., has recently uncovered malicious code in a pirated WordPress plugin.
Pirated software has a long history of containing malicious codes going back to the days of P2P sites likes Napster and Limewire when such software was shared en masse. In the case of pirated WordPress plugins, the codes purpose is to boost another website’s search engine rank by dropping hidden links on any WP site that installs the plugin in the first place. This could also lead to problems for the site that installed the plugin as Google might flag the site for “unusual link activity” and issue a penalty even though the site’s owner is unaware of the plugin’s hidden blackhat SEO feature.
Think twice next time you want to download and install that nulled premium WP plugin.