Security researchers from US firm Sucuri are warning WordPress site owners against installing pirated themes and plugins from the GoMafia.com website. “During the most recent site cleaning operations, we discovered some encoded code in the footer of one of our client’s sites, loaded through a premium WordPress plugin,” according to the company’s engineers.
The crooks were first inserting four HTML links to four different websites. One of them was GoMafia.com, and the other three were all websites registered by the same person, an Indian developer from Tamil Nadu named Sathish Kumar, working for a Web development company called Kenzest.
It is very obvious that Kumar created GoMafia to distribute pirated WordPress plugins and themes that contained his malicious code. Users downloading content from GoMafia would end up with malvertising and hidden black-hat SEO on their sites.