A WordPress malware campaign that recently picked up steam last month is now using nulled (pirated) premium themes to infect new victims. The wp-vcd malware is now preinstalled inside pirated premium themes offered for download for free on some sites. The malware works by adding a secret admin user to the site’s backend, with the username “100010010”” Attackers use this backdoor account to open connections to infected websites so attackers can carry out scripted attacks at later dates.”
Source: https://www.bleepingcomputer.com/news/security/wp-vcd-wordpress-malware-spreads-via-nulled-wordpress-themes/