The threat actors behind the WordPress WP-VCD malware have started to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site. The ultimate goal of these malicious plugins is to use the compromised WordPress site to display popups or perform redirects that generate revenue for the threat actors. MalwareHunterTeam shared some samples of WordPress plugins with BleepingComputer that were being flagged on VirusTotal as ‘Trojan.WordPress.Backdoor.A’ The best way to avoid having your site infected is to not download any plugins from unauthorized sites.
Source: https://www.bleepingcomputer.com/news/security/wordpress-malware-distributed-via-pirated-coronavirus-plugins/