WordPress is an easy target, and attackers are compromising vulnerable and misconfigured deployments to serve Qakbot and other malware.
Qakbot, also referred to as Qbot, is a banking Trojan designed to steal Personally Identifiable Information (PII). The overall goal for the malicious cyber actor (MCA) is to collect browsing activity and steal bank account credentials and other financial information. Qakbot is designed to be highly evasive and self-propagating, which makes it difficult to stop.
Qakbot attacks are launched through phishing email campaigns that lure victims into clicking on an attachment that appears to be a legitimate document, such as a bill or an invoice. To open the file, a user must enable macros, which allows the attachment to run malicious macros and infect the machine. Once the machine is infected, Qakbot copies itself onto the network and onto removable drives, mutating itself while moving laterally.